author | Panu Matilainen <pmatilai@redhat.com> | 2010-06-03 11:04:12 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2010-06-03 11:04:12 +0300 |
commit | 4d172a194addc49851e558ea390d3045894e3230 (patch) | |
tree | 5dc37a9e80bf396642f0981ed18fdc96f2d061a9 | |
parent | ca2d6b2b484f1501eafdde02e1688409340d2383 (diff) | |
Remove POSIX file capabilities from executables on erase/rename too
- Just like suid/sgid bits, hardlinks to executables with capabilities
set can "leak" permissions to old, potentially vulnerable versions
of binaries. Related to RhBug:598775.
-rw-r--r-- | lib/fsm.c | 9 |
1 files changed, 7 insertions, 2 deletions
@@ -1264,10 +1264,15 @@ static int fsmMkdirs(FSM_t fsm)
 static void removeSBITS(const char *path)
 {
 struct stat stb;
- if (lstat(path, &stb) == 0) {
- if (S_ISREG(stb.st_mode) && (stb.st_mode & 06000) != 0) {
+ if (lstat(path, &stb) == 0 && S_ISREG(stb.st_mode)) {
+ if ((stb.st_mode & 06000) != 0) {
 (void) chmod(path, stb.st_mode & 0777);
 }
+#if WITH_CAP
+ if (stb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
+ (void) cap_set_file(path, NULL);
+ }
+#endif
 }
 }
|
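Review bot: The added `cap_set_file(path, NULL)` acts on the path name after the `lstat()` check, as the `chmod()` above it already does, so nothing ties the file being stripped to the one that was examined if the path can be replaced in between; whether anyone but root can write to the directories involved is not visible in this hunk. Doing the check and both changes on one descriptor (`open()` with `O_NOFOLLOW`, then `fstat()`, `fchmod()` and `cap_set_fd()`) closes that window, as sketched below. The sketch opens the path before it knows the file type, so `O_NONBLOCK` is there for FIFOs, and device nodes would still need a decision. The discarded return value of the capability call also deserves a comment saying why failure is acceptable, since a silent failure leaves the old hard link privileged.

```c
static void removeSBITS(const char *path)
{
    struct stat stb;
    /* O_NOFOLLOW refuses a symlink at the final component; O_NONBLOCK keeps a FIFO from blocking */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return;
    if (fstat(fd, &stb) == 0 && S_ISREG(stb.st_mode)) {
        /* ... unchanged: 06000 test ... */
            (void) fchmod(fd, stb.st_mode & 0777);
#if WITH_CAP
        /* ... unchanged: executable-bit test ... */
            (void) cap_set_fd(fd, NULL);
#endif
    }
    close(fd);
```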