45 lines
1.4 KiB
Diff
45 lines
1.4 KiB
Diff
From 272e6bdac33309672955e8f8bf1b8f5f1e51fa0a Mon Sep 17 00:00:00 2001
|
|
From: Ondrej Holy <oholy@redhat.com>
|
|
Date: Thu, 23 May 2019 10:33:30 +0200
|
|
Subject: [PATCH] admin: Use fsuid to ensure correct file ownership
|
|
|
|
Files created over admin backend should be owned by root, but they are
|
|
owned by the user itself. This is because the daemon drops the uid to
|
|
make dbus connection work. Use fsuid and euid to fix this issue.
|
|
|
|
Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/21
|
|
---
|
|
daemon/gvfsbackendadmin.c | 29 +++++++----------------------
|
|
1 file changed, 7 insertions(+), 22 deletions(-)
|
|
|
|
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
|
|
index 2d949ae0..71946a02 100644
|
|
--- a/daemon/gvfsbackendadmin.c
|
|
+++ b/daemon/gvfsbackendadmin.c
|
|
@@ -977,14 +961,15 @@ acquire_caps (uid_t uid)
|
|
struct __user_cap_header_struct hdr;
|
|
struct __user_cap_data_struct data;
|
|
|
|
- /* Tell kernel not clear capabilities when dropping root */
|
|
- if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
|
|
- g_error ("prctl(PR_SET_KEEPCAPS) failed");
|
|
-
|
|
- /* Drop root uid, but retain the required permitted caps */
|
|
- if (setuid (uid) < 0)
|
|
+ /* Set euid to user to make dbus work */
|
|
+ if (seteuid (uid) < 0)
|
|
g_error ("unable to drop privs");
|
|
|
|
+ /* Set fsuid to still behave like root when working with files */
|
|
+ setfsuid (0);
|
|
+ if (setfsuid (-1) != 0)
|
|
+ g_error ("setfsuid failed");
|
|
+
|
|
memset (&hdr, 0, sizeof(hdr));
|
|
hdr.version = _LINUX_CAPABILITY_VERSION;
|
|
|
|
--
|
|
2.21.0
|
|
|
|
|