isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Set umask temporarily when creating files instead of changing the

Browse Source 
mode after the fact.  This is slightly less error prone.
This commit is contained in:
Todd C. Miller
2017-03-21 16:21:17 -06:00
parent 2a37590b7d
commit 7668b4b42b
3 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
plugins/sudoers/iolog.c
View File

@@ -130,7 +130,6 @@ io_mkdirs(char *path)
ok = false; ok = false;
} else { } else {
ignore_result(chown(path, iolog_uid, iolog_gid)); ignore_result(chown(path, iolog_uid, iolog_gid));
ignore_result(chmod(path, iolog_dirmode));
} }
} }
if (uid_changed) { if (uid_changed) {
@@ -340,12 +339,16 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
char buf[32], *ep; char buf[32], *ep;
int i, len, fd = -1; int i, len, fd = -1;
unsigned long id = 0; unsigned long id = 0;
mode_t omask;
ssize_t nread; ssize_t nread;
bool ret = false; bool ret = false;
char pathbuf[PATH_MAX]; char pathbuf[PATH_MAX];
static const char b36char[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; static const char b36char[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
debug_decl(io_nextid, SUDOERS_DEBUG_UTIL) debug_decl(io_nextid, SUDOERS_DEBUG_UTIL)
/* umask must not be more restrictive than the file modes. */
omask = umask(ACCESSPERMS & ~(iolog_filemode|iolog_dirmode));
/* /*
* Create I/O log directory if it doesn't already exist. * Create I/O log directory if it doesn't already exist.
*/ */
@@ -374,7 +377,6 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
} }
sudo_lock_file(fd, SUDO_LOCK); sudo_lock_file(fd, SUDO_LOCK);
ignore_result(fchown(fd, iolog_uid, iolog_gid)); ignore_result(fchown(fd, iolog_uid, iolog_gid));
ignore_result(fchmod(fd, iolog_filemode));
/* /*
* If there is no seq file in iolog_dir and a fallback dir was * If there is no seq file in iolog_dir and a fallback dir was
@@ -398,7 +400,6 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
} }
if (fd2 != -1) { if (fd2 != -1) {
ignore_result(fchown(fd2, iolog_uid, iolog_gid)); ignore_result(fchown(fd2, iolog_uid, iolog_gid));
ignore_result(fchmod(fd2, iolog_filemode));
nread = read(fd2, buf, sizeof(buf) - 1); nread = read(fd2, buf, sizeof(buf) - 1);
if (nread > 0) { if (nread > 0) {
if (buf[nread - 1] == '\n') if (buf[nread - 1] == '\n')
@@ -464,6 +465,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
ret = true; ret = true;
done: done:
umask(omask);
if (fd != -1) if (fd != -1)
close(fd); close(fd);
debug_return_bool(ret); debug_return_bool(ret);
@@ -524,7 +526,6 @@ open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress)
} }
if (fd != -1) { if (fd != -1) {
ignore_result(fchown(fd, iolog_uid, iolog_gid)); ignore_result(fchown(fd, iolog_uid, iolog_gid));
ignore_result(fchmod(fd, iolog_filemode));
(void)fcntl(fd, F_SETFD, FD_CLOEXEC); (void)fcntl(fd, F_SETFD, FD_CLOEXEC);
#ifdef HAVE_ZLIB_H #ifdef HAVE_ZLIB_H
if (docompress) if (docompress)
@@ -767,7 +768,6 @@ write_info_log(char *pathbuf, size_t len, struct iolog_details *details,
debug_return_bool(false); debug_return_bool(false);
} }
ignore_result(fchown(fd, iolog_uid, iolog_gid)); ignore_result(fchown(fd, iolog_uid, iolog_gid));
ignore_result(fchmod(fd, iolog_filemode));
fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n%s", (long long)now->tv_sec, fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n%s", (long long)now->tv_sec,
details->user ? details->user : "unknown", details->runas_pw->pw_name, details->user ? details->user : "unknown", details->runas_pw->pw_name,
@@ -850,6 +850,7 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
char * const *cur; char * const *cur;
const char *cp, *plugin_path = NULL; const char *cp, *plugin_path = NULL;
size_t len; size_t len;
mode_t omask;
int i, ret = -1; int i, ret = -1;
debug_decl(sudoers_io_open, SUDOERS_DEBUG_PLUGIN) debug_decl(sudoers_io_open, SUDOERS_DEBUG_PLUGIN)
@@ -875,6 +876,10 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
continue; continue;
} }
} }
/* umask must not be more restrictive than the file modes. */
omask = umask(ACCESSPERMS & ~(iolog_filemode|iolog_dirmode));
if (!sudoers_debug_register(plugin_path, &debug_files)) { if (!sudoers_debug_register(plugin_path, &debug_files)) {
ret = -1; ret = -1;
goto done; goto done;
@@ -943,6 +948,7 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
ret = true; ret = true;
done: done:
umask(omask);
free(tofree); free(tofree);
if (iolog_details.runas_pw) if (iolog_details.runas_pw)
sudo_pw_delref(iolog_details.runas_pw); sudo_pw_delref(iolog_details.runas_pw);

1
plugins/sudoers/mkdir_parents.c
View File

@@ -53,7 +53,6 @@ sudo_mkdir_parents(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet)
if (mkdir(path, mode) == 0) { if (mkdir(path, mode) == 0) {
if (uid != (uid_t)-1 && gid != (gid_t)-1) if (uid != (uid_t)-1 && gid != (gid_t)-1)
ignore_result(chown(path, uid, gid)); ignore_result(chown(path, uid, gid));
ignore_result(chmod(path, mode));
} else { } else {
if (errno != EEXIST) { if (errno != EEXIST) {
if (!quiet) if (!quiet)

4
plugins/sudoers/timestamp.c
View File

@@ -154,8 +154,11 @@ ts_mkdirs(char *path, uid_t owner, gid_t group, mode_t mode,
mode_t parent_mode, bool quiet) mode_t parent_mode, bool quiet)
{ {
bool ret; bool ret;
mode_t omask;
debug_decl(ts_mkdirs, SUDOERS_DEBUG_AUTH) debug_decl(ts_mkdirs, SUDOERS_DEBUG_AUTH)
/* umask must not be more restrictive than the file modes. */
omask = umask(ACCESSPERMS & ~(mode|parent_mode));
ret = sudo_mkdir_parents(path, owner, group, parent_mode, quiet); ret = sudo_mkdir_parents(path, owner, group, parent_mode, quiet);
if (ret) { if (ret) {
/* Create final path component. */ /* Create final path component. */
@@ -170,6 +173,7 @@ ts_mkdirs(char *path, uid_t owner, gid_t group, mode_t mode,
ignore_result(chown(path, owner, group)); ignore_result(chown(path, owner, group));
} }
} }
umask(omask);
debug_return_bool(ret); debug_return_bool(ret);
} }