You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
102 lines
3.6 KiB
102 lines
3.6 KiB
From 0641129e214fa1cd2a67740c3193944285781819 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Miroslav=20Such=C3=BD?= <msuchy@redhat.com>
|
|
Date: Wed, 6 May 2020 19:10:48 +0200
|
|
Subject: [PATCH] setgid instead of setuid the
|
|
abrt-action-install-debuginfo-to-abrt-cache [RHBZ 1796245]
|
|
|
|
This is called by abrt-action-install-debuginfo-to-abrt-cache which used to be setuid and now is setgid binary.
|
|
Therefore we do not need to setuid and we neither need it.
|
|
|
|
Resolves:
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1796245
|
|
---
|
|
src/client-python/reportclient/debuginfo.py | 25 +++++++++------------
|
|
1 file changed, 11 insertions(+), 14 deletions(-)
|
|
|
|
diff --git a/src/client-python/reportclient/debuginfo.py b/src/client-python/reportclient/debuginfo.py
|
|
index 561de52f..560629cc 100644
|
|
--- a/src/client-python/reportclient/debuginfo.py
|
|
+++ b/src/client-python/reportclient/debuginfo.py
|
|
@@ -35,41 +35,38 @@ from reportclient import (_, log1, log2, RETURN_OK, RETURN_FAILURE,
|
|
error_msg)
|
|
|
|
|
|
-def ensure_abrt_uid(fn):
|
|
+def ensure_abrt_gid(fn):
|
|
"""
|
|
- Ensures that the function is called using abrt's uid and gid
|
|
+ Ensures that the function is called using abrt's gid
|
|
|
|
Returns:
|
|
Either an unchanged function object or a wrapper function object for
|
|
the function.
|
|
"""
|
|
|
|
- current_uid = os.getuid()
|
|
current_gid = os.getgid()
|
|
abrt = pwd.getpwnam("abrt")
|
|
|
|
# if we're are already running as abrt, don't do anything
|
|
- if abrt.pw_uid == current_uid and abrt.pw_gid == current_gid:
|
|
+ if abrt.pw_gid == current_gid:
|
|
return fn
|
|
|
|
def wrapped(*args, **kwargs):
|
|
"""
|
|
Wrapper function around the called function.
|
|
|
|
- Sets up uid and gid to match abrt's and after the function finishes
|
|
- rolls its uid and gid back.
|
|
+ Sets up gid to match abrt's and after the function finishes
|
|
+ rolls its gid back.
|
|
|
|
Returns:
|
|
Return value of the wrapped function.
|
|
"""
|
|
|
|
- # switch to abrt
|
|
+ # switch to abrt group
|
|
os.setegid(abrt.pw_gid)
|
|
- os.seteuid(abrt.pw_uid)
|
|
# extract the files as abrt:abrt
|
|
retval = fn(*args, **kwargs)
|
|
# switch back to whatever we were
|
|
- os.seteuid(current_uid)
|
|
os.setegid(current_gid)
|
|
return retval
|
|
|
|
@@ -79,7 +76,7 @@ def ensure_abrt_uid(fn):
|
|
# TODO: unpack just required debuginfo and not entire rpm?
|
|
# ..that can lead to: foo.c No such file and directory
|
|
# files is not used...
|
|
-@ensure_abrt_uid
|
|
+@ensure_abrt_gid
|
|
def unpack_rpm(package_full_path, files, tmp_dir, destdir, exact_files=False):
|
|
"""
|
|
Unpacks a single rpm located in tmp_dir into destdir.
|
|
@@ -265,7 +262,7 @@ class DebugInfoDownload(object):
|
|
else:
|
|
print("ERR: unmute called without mute?")
|
|
|
|
- @ensure_abrt_uid
|
|
+ @ensure_abrt_gid
|
|
def setup_tmp_dirs(self):
|
|
if not os.path.exists(self.tmpdir):
|
|
try:
|
|
@@ -406,9 +403,9 @@ class DebugInfoDownload(object):
|
|
|
|
s = os.stat(self.cachedir)
|
|
abrt = pwd.getpwnam("abrt")
|
|
- if (s.st_uid != abrt.pw_uid) or (s.st_gid != abrt.pw_gid):
|
|
- print(_("'{0}' must be owned by abrt. "
|
|
- "Please run '# chown -R abrt.abrt {0}' "
|
|
+ if s.st_gid != abrt.pw_gid:
|
|
+ print(_("'{0}' must be owned by group abrt. "
|
|
+ "Please run '# chown -R :abrt {0}' "
|
|
"to fix the issue.").format(self.cachedir))
|
|
|
|
clean_up(self.tmpdir)
|
|
--
|
|
2.21.3
|
|
|