Attachment 396558 Details for Bug 540006 – 0001-checkpath-security-fix-for-chown-and-chmod.patch

[patch] 0001-checkpath-security-fix-for-chown-and-chmod.patch

0001-checkpath-security-fix-for-chown-and-chmod.patch (text/plain), 1.29 KB, created by William Hubbs on 2015-02-15 21:04:21 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: William Hubbs

Created: 2015-02-15 21:04:21 UTC

Size: 1.29 KB

patch

obsolete

>From 7e4a1b4def8923233dcdb1f4db6b0da19735c6d5 Mon Sep 17 00:00:00 2001
>From: William Hubbs <w.d.hubbs@gmail.com>
>Date: Sun, 15 Feb 2015 14:56:07 -0600
>Subject: [PATCH] checkpath: security fix for chown and chmod
>
>Do not run chown or chmod if the target file has multiple hard links.
>---
> src/rc/checkpath.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
>diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c
>index 94ab474..b6f1d6a 100644
>--- a/src/rc/checkpath.c
>+++ b/src/rc/checkpath.c
>@@ -133,6 +133,10 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
> 	}
> 
> 	if (mode && (st.st_mode & 0777) != mode) {
>+		if ((type != inode_dir) && (st.st_nlink != 1)) {
>+			eerror("%s: chown: %s %s", applet, "Too many hard links to", path);
>+			return -1;
>+		}
> 		einfo("%s: correcting mode", path);
> 		if (chmod(path, mode)) {
> 			eerror("%s: chmod: %s", applet, strerror(errno));
>@@ -141,6 +145,10 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
> 	}
> 
> 	if (chowner && (st.st_uid != uid || st.st_gid != gid)) {
>+		if ((type != inode_dir) && (st.st_nlink != 1)) {
>+			eerror("%s: chown: %s %s", applet, "Too many hard links to", path);
>+			return -1;
>+		}
> 		einfo("%s: correcting owner", path);
> 		if (chown(path, uid, gid)) {
> 			eerror("%s: chown: %s", applet, strerror(errno));
>-- 
>2.0.5
>

Actions: View | Diff

Attachments on bug 540006: 396408 | 396558 | 396990 | 396992 | 396998