Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
trousers.15198
bsc1164472.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bsc1164472.patch of Package trousers.15198
Index: trousers-0.3.14/src/tcs/ps/tcsps.c =================================================================== --- trousers-0.3.14.orig/src/tcs/ps/tcsps.c +++ trousers-0.3.14/src/tcs/ps/tcsps.c @@ -72,7 +72,7 @@ get_file() } /* open and lock the file */ - system_ps_fd = open(tcsd_options.system_ps_file, O_CREAT|O_RDWR, 0600); + system_ps_fd = open(tcsd_options.system_ps_file, O_CREAT|O_RDWR|O_NOFOLLOW, 0600); if (system_ps_fd < 0) { LogError("system PS: open() of %s failed: %s", tcsd_options.system_ps_file, strerror(errno)); Index: trousers-0.3.14/src/tcsd/svrside.c =================================================================== --- trousers-0.3.14.orig/src/tcsd/svrside.c +++ trousers-0.3.14/src/tcsd/svrside.c @@ -473,6 +473,7 @@ main(int argc, char **argv) } return TCSERR(TSS_E_INTERNAL_ERROR); } + setgid(pwd->pw_gid); setuid(pwd->pw_uid); #endif #endif Index: trousers-0.3.14/src/tcsd/tcsd_conf.c =================================================================== --- trousers-0.3.14.orig/src/tcsd/tcsd_conf.c +++ trousers-0.3.14/src/tcsd/tcsd_conf.c @@ -743,7 +743,7 @@ conf_file_init(struct tcsd_config *conf) #ifndef SOLARIS struct group *grp; struct passwd *pw; - mode_t mode = (S_IRUSR|S_IWUSR); + mode_t mode = (S_IRUSR|S_IWUSR|S_IRGRP); #endif /* SOLARIS */ TSS_RESULT result; @@ -798,15 +798,15 @@ conf_file_init(struct tcsd_config *conf) } /* make sure user/group TSS owns the conf file */ - if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) { + if (stat_buf.st_uid != 0 || grp->gr_gid != stat_buf.st_gid) { LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file, - TSS_USER_NAME, TSS_GROUP_NAME); + "root", TSS_GROUP_NAME); return TCSERR(TSS_E_INTERNAL_ERROR); } - /* make sure only the tss user can manipulate the config file */ + /* make sure only the tss user can read (but not manipulate) the config file */ if (((stat_buf.st_mode & 0777) ^ mode) != 0) { - LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file); + LogError("TCSD config file (%s) must be mode 0640", tcsd_config_file); return TCSERR(TSS_E_INTERNAL_ERROR); } #endif /* SOLARIS */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor