You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
88 lines
2.8 KiB
88 lines
2.8 KiB
From d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80 Mon Sep 17 00:00:00 2001
|
|
From: Ondrej Holy <oholy@redhat.com>
|
|
Date: Thu, 23 May 2019 10:33:30 +0200
|
|
Subject: [PATCH] admin: Use fsuid to ensure correct file ownership
|
|
|
|
Files created over admin backend should be owned by root, but they are
|
|
owned by the user itself. This is because the daemon drops the uid to
|
|
make dbus connection work. Use fsuid and euid to fix this issue.
|
|
|
|
Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/21
|
|
---
|
|
daemon/gvfsbackendadmin.c | 29 +++++++----------------------
|
|
1 file changed, 7 insertions(+), 22 deletions(-)
|
|
|
|
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
|
|
index a74d09cf..32b51b1a 100644
|
|
--- a/daemon/gvfsbackendadmin.c
|
|
+++ b/daemon/gvfsbackendadmin.c
|
|
@@ -157,19 +157,6 @@ complete_job (GVfsJob *job,
|
|
g_vfs_job_succeeded (job);
|
|
}
|
|
|
|
-static void
|
|
-fix_file_info (GFileInfo *info)
|
|
-{
|
|
- /* Override read/write flags, since the above call will use access()
|
|
- * to determine permissions, which does not honor our privileged
|
|
- * capabilities.
|
|
- */
|
|
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
|
|
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
|
|
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
|
|
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
|
|
-}
|
|
-
|
|
static void
|
|
do_query_info (GVfsBackend *backend,
|
|
GVfsJobQueryInfo *query_info_job,
|
|
@@ -195,7 +182,6 @@ do_query_info (GVfsBackend *backend,
|
|
if (error != NULL)
|
|
goto out;
|
|
|
|
- fix_file_info (real_info);
|
|
g_file_info_copy_into (real_info, info);
|
|
g_object_unref (real_info);
|
|
|
|
@@ -220,7 +206,6 @@ do_query_info_on_read (GVfsBackend *backend,
|
|
if (error != NULL)
|
|
goto out;
|
|
|
|
- fix_file_info (real_info);
|
|
g_file_info_copy_into (real_info, info);
|
|
g_object_unref (real_info);
|
|
|
|
@@ -245,7 +230,6 @@ do_query_info_on_write (GVfsBackend *backend,
|
|
if (error != NULL)
|
|
goto out;
|
|
|
|
- fix_file_info (real_info);
|
|
g_file_info_copy_into (real_info, info);
|
|
g_object_unref (real_info);
|
|
|
|
@@ -977,14 +961,15 @@ acquire_caps (uid_t uid)
|
|
struct __user_cap_header_struct hdr;
|
|
struct __user_cap_data_struct data;
|
|
|
|
- /* Tell kernel not clear capabilities when dropping root */
|
|
- if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
|
|
- g_error ("prctl(PR_SET_KEEPCAPS) failed");
|
|
-
|
|
- /* Drop root uid, but retain the required permitted caps */
|
|
- if (setuid (uid) < 0)
|
|
+ /* Set euid to user to make dbus work */
|
|
+ if (seteuid (uid) < 0)
|
|
g_error ("unable to drop privs");
|
|
|
|
+ /* Set fsuid to still behave like root when working with files */
|
|
+ setfsuid (0);
|
|
+ if (setfsuid (-1) != 0)
|
|
+ g_error ("setfsuid failed");
|
|
+
|
|
memset (&hdr, 0, sizeof(hdr));
|
|
hdr.version = _LINUX_CAPABILITY_VERSION;
|
|
|
|
--
|
|
2.23.0
|
|
|