fcoemon: Do not create a world and group writable PID file
Currently fcoemon creates a world- and group-writable PID file, which could be exploited locally. This patch sets the umask to 177 before the PID file is created.
parent
9a79b1c7b8
commit
9fb2e54a9b
@ -0,0 +1,29 @@
|
|||||||
|
From 964c51aee4a5007cffed59b40aab5dc2c1861f00 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Sabata <psabata@redhat.com>
|
||||||
|
Date: Mon, 2 May 2011 20:30:51 +0000
|
||||||
|
Subject: [PATCH] fcoemon: Do not create a world and group writable PID file
|
||||||
|
|
||||||
|
Currently fcoemon creates a world and group writable PID file which could be
|
||||||
|
locally exploited. This patch sets umask to 177 before the PID file creation.
|
||||||
|
|
||||||
|
Signed-off-by: Petr Sabata <psabata@redhat.com>
|
||||||
|
Signed-off-by: Robert Love <robert.w.love@intel.com>
|
||||||
|
---
|
||||||
|
fcoemon.c | 1 +
|
||||||
|
1 files changed, 1 insertions(+), 0 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/fcoemon.c b/fcoemon.c
|
||||||
|
index f2f3b86..4ee18f3 100644
|
||||||
|
--- a/fcoemon.c
|
||||||
|
+++ b/fcoemon.c
|
||||||
|
@@ -2320,6 +2320,7 @@ static void fcm_pidfile_create(void)
|
||||||
|
}
|
||||||
|
fclose(fp);
|
||||||
|
}
|
||||||
|
+ umask(~(S_IRUSR | S_IWUSR));
|
||||||
|
fp = fopen(fcm_pidfile, "w+");
|
||||||
|
if (fp) {
|
||||||
|
fprintf(fp, "%d\n", getpid());
|
||||||
|
--
|
||||||
|
1.7.4.4
|
||||||
|
|
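Review bot: The `umask()` call added before `fopen(fcm_pidfile, "w+")` only affects the mode of a newly created file, so a PID file left over from an earlier run keeps its group- and world-writable mode when it is reopened and truncated. The new mask is also never restored, so it stays in force for everything the daemon creates afterwards and, presumably, for any helper it spawns. I would save and restore it, `mode_t old = umask(S_IXUSR | S_IRWXG | S_IRWXO);` … `umask(old);`, and inside the `if (fp)` branch add `fchmod(fileno(fp), S_IRUSR | S_IWUSR);` so an existing file is tightened too. Spelling the mask out rather than writing `~(S_IRUSR | S_IWUSR)` also avoids passing a value with every high bit set. `fcm_pidfile_create` starts and ends outside the hunk, so the handling of the earlier PID file is not visible here.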
@ -1,8 +1,7 @@
|
|||||||
Name: fcoe-utils
|
Name: fcoe-utils
|
||||||
Version: 1.0.18
|
Version: 1.0.18
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: Fibre Channel over Ethernet utilities
|
Summary: Fibre Channel over Ethernet utilities
|
||||||
|
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
URL: http://www.open-fcoe.org
|
URL: http://www.open-fcoe.org
|
||||||
@ -33,6 +32,7 @@ Patch22: fcoe-utils-1.0.18-fcoe-utils-Documentation-for-the-fcoeadm-Scan-
|
|||||||
Patch23: fcoe-utils-1.0.18-fcoemon-Correct-wrong-error-check.patch
|
Patch23: fcoe-utils-1.0.18-fcoemon-Correct-wrong-error-check.patch
|
||||||
Patch24: fcoe-utils-1.0.18-fcoemon-Fix-2-file-descriptor-leaks.patch
|
Patch24: fcoe-utils-1.0.18-fcoemon-Fix-2-file-descriptor-leaks.patch
|
||||||
Patch25: fcoe-utils-1.0.18-fcoe-utils-Avoid-freeing-uninitialized-pointer-in-fc.patch
|
Patch25: fcoe-utils-1.0.18-fcoe-utils-Avoid-freeing-uninitialized-pointer-in-fc.patch
|
||||||
|
Patch26: fcoe-utils-1.0.18-fcoemon-Do-not-create-a-world-and-group-writable-PID.patch
|
||||||
|
|
||||||
BuildRequires: libhbaapi-devel lldpad-devel libnl-devel
|
BuildRequires: libhbaapi-devel lldpad-devel libnl-devel
|
||||||
BuildRequires: libtool automake autoconf
|
BuildRequires: libtool automake autoconf
|
||||||
@ -65,6 +65,7 @@ fcoemon - service to configure DCB Ethernet QOS filters, works with dcbd or lldp
|
|||||||
%patch23 -p1
|
%patch23 -p1
|
||||||
%patch24 -p1
|
%patch24 -p1
|
||||||
%patch25 -p1
|
%patch25 -p1
|
||||||
|
%patch26 -p1
|
||||||
# Fedora patches on top of that...
|
# Fedora patches on top of that...
|
||||||
%patch0 -p1 -b .init
|
%patch0 -p1 -b .init
|
||||||
%patch1 -p1 -b .make
|
%patch1 -p1 -b .make
|
||||||
@ -138,6 +139,9 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed May 3 2011 Petr Sabata <psabata@redhat.com> - 1.0.18-2
|
||||||
|
- fcoemon: Do not create a world and group writable PID file
|
||||||
|
|
||||||
* Wed Apr 20 2011 Petr Sabata <psabata@redhat.com> - 1.0.18-1
|
* Wed Apr 20 2011 Petr Sabata <psabata@redhat.com> - 1.0.18-1
|
||||||
- 1.0.18 bump with latest bugfixes
|
- 1.0.18 bump with latest bugfixes
|
||||||
- Removing ExcludeArch completely; not related for Fedora
|
- Removing ExcludeArch completely; not related for Fedora
|
||||||
|