[gnome-software/1908-external-appstream-installer-sets-wrong-file-owner-and-permissions: 8/8] gs-install-appstream: Ensure the installed file has correct permissions and owner
- From: Milan Crha <mcrha src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-software/1908-external-appstream-installer-sets-wrong-file-owner-and-permissions: 8/8] gs-install-appstream: Ensure the installed file has correct permissions and owner
- Date: Thu, 20 Oct 2022 16:20:14 +0000 (UTC)
commit bcf2173ab25b96a8459484b313f3b7e604da0dac
Author: Milan Crha <mcrha redhat com>
Date: Thu Oct 20 17:31:38 2022 +0200
gs-install-appstream: Ensure the installed file has correct permissions and owner
The expected owner is root, thus make sure it's set as such.
Similarly the permissions should be set that others and the group can read the file,
otherwise it's useless for the users.
Closes https://gitlab.gnome.org/GNOME/gnome-software/-/issues/1908
gs-install-appstream/gs-install-appstream.c | 42 +++++++++++++++++++++++++----
1 file changed, 37 insertions(+), 5 deletions(-)
---
diff --git a/gs-install-appstream/gs-install-appstream.c b/gs-install-appstream/gs-install-appstream.c
index 95a940624..4e8144c2f 100644
--- a/gs-install-appstream/gs-install-appstream.c
+++ b/gs-install-appstream/gs-install-appstream.c
@@ -24,8 +24,10 @@
#include <errno.h>
#include <locale.h>
+#include <pwd.h>
#include <stdlib.h>
#include <sys/stat.h>
+#include <unistd.h>
#include <xmlb.h>
#include <glib/gi18n.h>
@@ -41,6 +43,7 @@ gs_install_appstream_move_file (GFile *file, GError **error)
g_autofree gchar *cachefn = gs_external_appstream_utils_get_file_cache_path (basename);
g_autoptr(GFile) cachefn_file = g_file_new_for_path (cachefn);
g_autoptr(GFile) cachedir_file = g_file_get_parent (cachefn_file);
+ GStatBuf stat_buf = { 0 };
/* Try to cleanup the old cache directory, but do not panic, when it fails */
if (g_unlink (legacy_cachefn) == -1) {
@@ -58,11 +61,40 @@ gs_install_appstream_move_file (GFile *file, GError **error)
/* do the move, overwriting existing files and setting the permissions
* of the current process (so that should be -rw-r--r--) */
- return g_file_move (file, cachefn_file,
- G_FILE_COPY_OVERWRITE |
- G_FILE_COPY_NOFOLLOW_SYMLINKS |
- G_FILE_COPY_TARGET_DEFAULT_PERMS,
- NULL, NULL, NULL, error);
+ if (!g_file_move (file, cachefn_file,
+ G_FILE_COPY_OVERWRITE |
+ G_FILE_COPY_NOFOLLOW_SYMLINKS |
+ G_FILE_COPY_TARGET_DEFAULT_PERMS,
+ NULL, NULL, NULL, error))
+ return FALSE;
+
+ /* verify it is "-rw-r--r--" and the root owns the file */
+ if (g_stat (cachefn, &stat_buf) == 0) {
+ struct passwd *pwd;
+ mode_t expected_mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
+ if ((stat_buf.st_mode & expected_mode) != expected_mode &&
+ g_chmod (cachefn, expected_mode) == -1) {
+ int errn = errno;
+ g_printerr ("Failed to chmod '%s': %s\n", cachefn, g_strerror (errn));
+ }
+
+ /* the file should be owned by the root */
+ pwd = getpwnam ("root");
+ if (pwd != NULL) {
+ if (chown (cachefn, pwd->pw_uid, pwd->pw_gid) == -1) {
+ int errn = errno;
+ g_printerr ("Failed to chown on '%s': %s\n", cachefn, g_strerror (errn));
+ }
+ } else {
+ int errn = errno;
+ g_printerr ("Failed to get root info: %s\n", g_strerror (errn));
+ }
+ } else {
+ int errn = errno;
+ g_printerr ("Failed to stat '%s': %s\n", cachefn, g_strerror (errn));
+ }
+
+ return TRUE;
}
static gboolean
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]