author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /app-admin/augeas/files/cve-bunch-of-them-symlink.patch |
reinit the tree, so we can have metadata
Diffstat (limited to 'app-admin/augeas/files/cve-bunch-of-them-symlink.patch')
-rw-r--r-- | app-admin/augeas/files/cve-bunch-of-them-symlink.patch | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/app-admin/augeas/files/cve-bunch-of-them-symlink.patch b/app-admin/augeas/files/cve-bunch-of-them-symlink.patch
new file mode 100644
index 000000000000..3bd1d95ae42d
--- /dev/null
+++ b/app-admin/augeas/files/cve-bunch-of-them-symlink.patch
@@ -0,0 +1,76 @@
+From 051c73a9a7ffe9e525f6f0a1b8f5198ff8cc6752 Mon Sep 17 00:00:00 2001
+From: Dominic Cleal <dcleal@redhat.com>
+Date: Sat, 11 Aug 2012 20:39:14 +0100
+Subject: [PATCH] Fix regression in permissions of created files
+
+Commit 16387744 changed temporary file creation to use mkstemp, resulting in
+new files being created with 0600 permissions. For brand new files created
+through Augeas, their permissions stayed at 0600 rather than being set by the
+umask as before.
+
+ * src/transform.c (transform_save): chmod after creating new files to
+ permissions implied by the umask
+---
+ src/transform.c | 10 ++++++++++
+ tests/test-preserve.sh | 15 ++++++++++++++-
+ 2 files changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/src/transform.c b/src/transform.c
+index a3acd10..1ca3d5f 100644
+--- a/src/transform.c
++++ b/src/transform.c
+@@ -1096,6 +1096,16 @@ int transform_save(struct augeas *aug, struct tree *xfm,
+ err_status = "xfer_attrs";
+ goto done;
+ }
++ } else {
++ /* Since mkstemp is used, the temp file will have secure permissions
++ * instead of those implied by umask, so change them for new files */
++ mode_t curumsk = umask(022);
++ umask(curumsk);
++
++ if (fchmod(fileno(fp), 0666 - curumsk) < 0) {
++ err_status = "create_chmod";
++ return -1;
++ }
+ }
+
+ if (tree != NULL)
+diff --git a/tests/test-preserve.sh b/tests/test-preserve.sh
+index 042dab9..9719ac6 100755
+--- a/tests/test-preserve.sh
++++ b/tests/test-preserve.sh
+@@ -59,9 +59,12 @@ if [ $selinux = yes -a xetc_t != "x$act_con" ] ; then
+ exit 1
+ fi
+
+-# Check that we create new files without error
++# Check that we create new files without error and with permissions implied
++# from the umask
+ init_dirs
+
++oldumask=$(umask)
++umask 0002
+ $AUGTOOL > /dev/null <<EOF
+ set /files/etc/hosts/1/ipaddr 127.0.0.1
+ set /files/etc/hosts/1/canonical host.example.com
+@@ -71,6 +74,16 @@ if [ $? != 0 ] ; then
+ echo "augtool failed on new file"
+ exit 1
+ fi
++if [ ! -e $hosts ]; then
++ echo "augtool didn't create new /etc/hosts file"
++ exit 1
++fi
++act_mode=$(ls -l $hosts | cut -b 1-10)
++if [ x-rw-rw-r-- != "x$act_mode" ] ; then
++ echo "Expected mode 0664 due to $(umask) umask but got $act_mode"
++ exit 1
++fi
++umask $oldumask
+
+ # Check that we create new files without error when backups are requested
+ init_dirs
+--
+1.8.5.1
+ |
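Review bot: In the embedded src/transform.c hunk, `0666 - curumsk` subtracts the umask arithmetically instead of masking it, so any umask with a bit outside 0666 borrows into neighbouring bits: with umask 077 the result is 0567, which leaves the newly created file world-writable. The mode should be computed with a mask, `if (fchmod(fileno(fp), 0666 & ~curumsk) < 0) {`. The failure path also uses `return -1;` where the sibling branch just above uses `goto done;`, so it presumably skips whatever cleanup of fp and the temporary file happens at that label, and the err_status it sets is never reported; `goto done;` would match. The added test in tests/test-preserve.sh only runs with umask 0002, where subtraction and masking give the same mode, so a second case with a umask such as 0027 or 0077 is needed to catch this. transform_save starts and ends outside the hunk, so the cleanup at `done` is not visible here.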