Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
spice-vdagent
vdagentd-Avoid-calling-chmod.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File vdagentd-Avoid-calling-chmod.patch of Package spice-vdagent
From 17a37813786431cf5a158a0d399b0107c61a1e4e Mon Sep 17 00:00:00 2001 From: Frediano Ziglio <freddy77@gmail.com> Date: Thu, 24 Sep 2020 12:13:24 +0100 Subject: [PATCH 12/20] vdagentd: Avoid calling chmod Git-commit: 952452f92c9b180f14ad2869a659349e2d517e46 References: bsc#1173749 Create the socket with the right permissions using umask. This also prevents possible symlink exploitation in case socket path is not secure. Signed-off-by: Frediano Ziglio <freddy77@gmail.com> Acked-by: Uri Lublin <uril@redhat.com> Signed-off-by: Bruce Rogers <brogers@suse.com> --- src/vdagentd/vdagentd.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c index 9794e19..963c030 100644 --- a/src/vdagentd/vdagentd.c +++ b/src/vdagentd/vdagentd.c @@ -1172,7 +1172,9 @@ int main(int argc, char *argv[]) /* systemd socket activation not enabled, create our own */ #endif /* WITH_SYSTEMD_SOCKET_ACTIVATION */ { + mode_t mode = umask(0111); udscs_server_listen_to_address(server, vdagentd_socket, &err); + umask(mode); } if (err) { @@ -1183,16 +1185,6 @@ int main(int argc, char *argv[]) return 1; } - /* no need to set permissions on a socket that was provided by systemd */ - if (own_socket) { - if (chmod(vdagentd_socket, 0666)) { - syslog(LOG_CRIT, "Fatal could not change permissions on %s: %m", - vdagentd_socket); - udscs_destroy_server(server); - return 1; - } - } - #ifdef WITH_STATIC_UINPUT uinput = vdagentd_uinput_create(uinput_device, 1024, 768, NULL, 0, debug > 1, uinput_fake); -- 2.29.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor