[glib: 1/2] gdbusauthmechanismsha1: Don’t create keyring dir when running as setuid




commit 4f7c6e1ec8e98a594b0e70a60bf4d4f809db0bae
Author: Philip Withnall <pwithnall endlessos org>
Date:   Mon Nov 2 12:04:53 2020 +0000

    gdbusauthmechanismsha1: Don’t create keyring dir when running as setuid
    
    Continue to allow overriding the keyring dir, but don’t automatically
    create it when running as root.
    
    Signed-off-by: Philip Withnall <pwithnall endlessos org>
    
    Coverity CID: #1432485

 gio/gdbusauthmechanismsha1.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
---
diff --git a/gio/gdbusauthmechanismsha1.c b/gio/gdbusauthmechanismsha1.c
index baa4e59d9..095a6663e 100644
--- a/gio/gdbusauthmechanismsha1.c
+++ b/gio/gdbusauthmechanismsha1.c
@@ -40,6 +40,7 @@
 #include "gioenumtypes.h"
 #include "gioerror.h"
 #include "gdbusprivate.h"
+#include "glib-private.h"
 
 #include "glibintl.h"
 
@@ -265,6 +266,7 @@ ensure_keyring_directory (GError **error)
 {
   gchar *path;
   const gchar *e;
+  gboolean is_setuid;
 #ifdef G_OS_UNIX
   struct stat statbuf;
 #endif
@@ -332,7 +334,10 @@ ensure_keyring_directory (GError **error)
     }
 #endif  /* if !G_OS_UNIX */
 
-  if (g_mkdir_with_parents (path, 0700) != 0)
+  /* Only create the directory if not running as setuid */
+  is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) ();
+  if (!is_setuid &&
+      g_mkdir_with_parents (path, 0700) != 0)
     {
       int errsv = errno;
       g_set_error (error,
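Review bot: The new comment above the `g_check_setuid` call says what the guard does but not why, and the reason is what a later maintainer needs in order not to relax it. Going by the commit message the keyring directory can still be overridden, so in a setuid process `path` is presumably influenced by the invoking user while `g_mkdir_with_parents` would run with the elevated identity. The code that builds `path` is outside this hunk, so that should be confirmed. I would write the comment as `/* Never create the directory when setuid: the path may come from the caller's environment and would be created with elevated privileges */`. It is also worth checking whether an existing directory at an overridden path is still accepted when setuid, since this change only blocks creation.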
@@ -344,6 +349,17 @@ ensure_keyring_directory (GError **error)
       g_clear_pointer (&path, g_free);
       return NULL;
     }
+  else if (is_setuid)
+    {
+      g_set_error (error,
+                   G_IO_ERROR,
+                   G_IO_ERROR_PERMISSION_DENIED,
+                   _("Error creating directory “%s”: %s"),
+                   path,
+                   _("Operation not supported"));
+      g_clear_pointer (&path, g_free);
+      return NULL;
+    }
 
   return g_steal_pointer (&path);
 }
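Review bot: The setuid branch at the end of `ensure_keyring_directory` reports `G_IO_ERROR_PERMISSION_DENIED` with the text "Error creating directory … Operation not supported" although no creation was attempted. The code and the message therefore disagree, and the result is hard to tell apart from a failed `g_mkdir_with_parents`. Either use `G_IO_ERROR_NOT_SUPPORTED` to match the text, or keep the code and say what was refused, e.g. `_("Not creating directory “%s”: process is running setuid")`. The branch also only works because the preceding `if` short-circuits on `!is_setuid`; testing `if (is_setuid)` first and returning, then calling `g_mkdir_with_parents` unconditionally, would read more directly. The function begins outside this hunk.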

