gentoo-overlay/app-admin/augeas/files/cve-bunch-of-them-symlink.p...

From 051c73a9a7ffe9e525f6f0a1b8f5198ff8cc6752 Mon Sep 17 00:00:00 2001
From: Dominic Cleal <dcleal@redhat.com>
Date: Sat, 11 Aug 2012 20:39:14 +0100
Subject: [PATCH] Fix regression in permissions of created files
Commit 16387744 changed temporary file creation to use mkstemp, resulting in
new files being created with 0600 permissions. For brand new files created
through Augeas, their permissions stayed at 0600 rather than being set by the
umask as before.
* src/transform.c (transform_save): chmod after creating new files to
permissions implied by the umask
---
src/transform.c | 10 ++++++++++
tests/test-preserve.sh | 15 ++++++++++++++-
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/src/transform.c b/src/transform.c
index a3acd10..1ca3d5f 100644
--- a/src/transform.c
+++ b/src/transform.c
@@ -1096,6 +1096,16 @@ int transform_save(struct augeas *aug, struct tree *xfm,
err_status = "xfer_attrs";
goto done;
}
+ } else {
+ /* Since mkstemp is used, the temp file will have secure permissions
+ * instead of those implied by umask, so change them for new files */
+ mode_t curumsk = umask(022);
+ umask(curumsk);
+
+ if (fchmod(fileno(fp), 0666 - curumsk) < 0) {
+ err_status = "create_chmod";
+ return -1;
+ }
}
if (tree != NULL)
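Review bot: `fchmod(fileno(fp), 0666 - curumsk)` derives the mode by arithmetic subtraction instead of bit masking, so any umask with bits outside 0666 yields the wrong permissions. With umask 0077 the result is 0567 and with 0027 it is 0637, both of which leave the new file world-writable. Use `0666 & ~curumsk` instead. Two smaller points in the same block: the failure branch does `return -1` while the error path directly above it uses `goto done`, so this exit skips whatever cleanup `done` performs; and the `umask(022)` / `umask(curumsk)` pair changes the process-wide umask for a moment, which can affect files created concurrently by other threads of a program linked against the library.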
diff --git a/tests/test-preserve.sh b/tests/test-preserve.sh
index 042dab9..9719ac6 100755
--- a/tests/test-preserve.sh
+++ b/tests/test-preserve.sh
@@ -59,9 +59,12 @@ if [ $selinux = yes -a xetc_t != "x$act_con" ] ; then
exit 1
fi
-# Check that we create new files without error
+# Check that we create new files without error and with permissions implied
+# from the umask
init_dirs
+oldumask=$(umask)
+umask 0002
$AUGTOOL > /dev/null <<EOF
set /files/etc/hosts/1/ipaddr 127.0.0.1
set /files/etc/hosts/1/canonical host.example.com
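Review bot: the test pins `umask 0002`, a value for which subtracting from 0666 and masking 0666 give the same result, so it cannot detect an incorrect mode calculation in `transform_save`. Add a second run with a umask that has execute bits set, for example 0027 or 0077, and assert that the created file comes out as 0640 or 0600 respectively.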
@@ -71,6 +74,16 @@ if [ $? != 0 ] ; then
echo "augtool failed on new file"
exit 1
fi
+if [ ! -e $hosts ]; then
+ echo "augtool didn't create new /etc/hosts file"
+ exit 1
+fi
+act_mode=$(ls -l $hosts | cut -b 1-10)
+if [ x-rw-rw-r-- != "x$act_mode" ] ; then
+ echo "Expected mode 0664 due to $(umask) umask but got $act_mode"
+ exit 1
+fi
+umask $oldumask
# Check that we create new files without error when backups are requested
init_dirs
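Review bot: `$hosts` is unquoted in both `[ ! -e $hosts ]` and `ls -l $hosts`, so a test directory path containing whitespace breaks the check; quote it as `"$hosts"`. The expected mode is also hard-coded twice (`x-rw-rw-r--` and the "0664" in the message) while the message interpolates `$(umask)`, so the assertion and its text drift apart if the umask set earlier in the test is ever changed. Deriving the expected string from one variable would keep them in step.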
--
1.8.5.1