linux-sgx/0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch
Daniel P. Berrangé 3c00769e65 Fix pccs npm security flaws
Sync patches from Fedora 43, to fix multiple pccs npm security flaws,
and fix typo in pccsadmin help text.

CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2025-13465, CVE-2025-15284

Resolves: RHEL-145005, RHEL-144190, RHEL-142482, RHEL-138075, RHEL-140108
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2026-02-05 11:52:25 +00:00


From d7299915f42cd068744ce02e358865085f2f12bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Fri, 2 May 2025 14:48:24 +0100
Subject: [PATCH 117/136] qgs: add -m=MODE parameter for UNIX socket mode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The UNIX socket mode default is controlled by the process umask, but it
can be desirable to override this to open up the socket mode, while
keeping the umask restrictive.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
.../quote_wrapper/qgs/server_main.cpp | 35 +++++++++++++++++--
1 file changed, 32 insertions(+), 3 deletions(-)
diff --git a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
index 47f6c264..4628b182 100644
--- a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
+++ b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
@@ -73,9 +73,10 @@ int main(int argc, const char* argv[])
bool no_daemon = false;
unsigned long int port = 0;
unsigned long int num_threads = 0;
+ unsigned long int mode = 0;
char *endptr = NULL;
if (argc > 4) {
- cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-n=number_threads] [--verbose] [--debug]"
+ cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-m=unix_socket_mode] [-n=number_threads] [--verbose] [--debug]"
<< endl;
exit(1);
}
@@ -106,6 +107,19 @@ int main(int argc, const char* argv[])
}
cout << "port number [" << port << "] found in cmdline" << endl;
continue;
+ } else if (strncmp(argv[i], "-m=", 3 ) == 0) {
+ if (strspn(argv[i] + 3, "0123456789") != strlen(argv[i] + 3)) {
+ cout << "Please input valid socket mode" << endl;
+ exit(1);
+ }
+ errno = 0;
+ mode = strtoul(argv[i] + 3, &endptr, 8);
+ if (errno || strlen(endptr) || (mode > UINT_MAX) ) {
+ cout << "Please input valid socket mode" << endl;
+ exit(1);
+ }
+ cout << "socket mode [" << oct << mode << dec << "] found in cmdline" << endl;
+ continue;
} else if (strncmp(argv[i], "-n=", 3) == 0) {
if (strspn(argv[i] + 3, "0123456789") != strlen(argv[i] + 3)) {
cout << "Please input valid thread number" << endl;
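Review bot: The range check `(mode > UINT_MAX)` on the new `-m=` branch does not bound the value to anything a socket mode can hold; the same check is repeated in the config-file hunk (`socket_mode` branch). Permission bits fit in 07777, so `if (errno || strlen(endptr) || mode > 07777)` rejects values such as `0177777` that would otherwise be passed straight to chmod() later in main(). On a platform where `unsigned long` and `unsigned int` have the same width the existing comparison is always false, leaving only ERANGE to catch overflow. Note also that an empty `-m=` passes both checks and leaves mode at 0, which the later code treats as "not given" and silently falls back to the config file; rejecting `strlen(argv[i] + 3) == 0` up front would make that explicit. main() begins and ends outside this hunk.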
@@ -120,7 +134,7 @@ int main(int argc, const char* argv[])
cout << "thread number [" << num_threads << "] found in cmdline" << endl;
continue;
} else {
- cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-n=number_threads] [--verbose] [--debug]"
+ cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-m=unix_socket_mode] [-n=number_threads] [--verbose] [--debug]"
<< endl;
exit(1);
}
@@ -129,7 +143,7 @@ int main(int argc, const char* argv[])
// Use the port number in QGS_CONFIG_FILE if no valid port number on
// command line
- if (port == 0 || num_threads == 0) {
+ if (port == 0 || num_threads == 0 || mode == 0) {
ifstream config_file(QGS_CONFIG_FILE);
if (config_file.is_open()) {
string line;
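Review bot: The comment above the widened condition still says only "Use the port number in QGS_CONFIG_FILE if no valid port number on command line", while the condition now also triggers for a missing thread count or socket mode; a reader following the mode path will not find it described here. Suggest `// Fall back to QGS_CONFIG_FILE for any of port, thread count or socket mode not given on the command line`. main() continues outside this hunk.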
@@ -161,6 +175,15 @@ int main(int argc, const char* argv[])
<< QGS_CONFIG_FILE << endl;
exit(1);
}
+ } else if (!mode && name.compare("socket_mode") == 0) {
+ errno = 0;
+ endptr = NULL;
+ mode = strtoul(value, &endptr, 8);
+ if (errno || strlen(endptr) || (mode > UINT_MAX)) {
+ cout << "Please input valid socket mode in "
+ << QGS_CONFIG_FILE << endl;
+ exit(1);
+ }
} else if (!num_threads && name.compare("number_threads") == 0) {
errno = 0;
endptr = NULL;
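Review bot: The `socket_mode` config branch calls strtoul() on `value` without the digits-only pre-check the command-line `-m=` path applies, so strtoul()'s acceptance of leading whitespace and a leading sign makes the two sources validate differently (e.g. `+0660` is accepted here but rejected on the command line). Adding `if (strspn(value, "0123456789") != strlen(value)) { ... exit(1); }` before the `errno = 0;` line, mirroring the `-m=` branch, keeps both paths consistent; whether the neighbouring `number_threads` branch already does this is not visible in the hunk. The `mode > UINT_MAX` bound here has the same problem noted on the command-line hunk and should become `mode > 07777`. main() continues outside this hunk.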
@@ -212,6 +235,12 @@ int main(int argc, const char* argv[])
}
QGS_LOG_INFO("About to create QgsServer with num_thread = %d\n", (uint8_t)num_threads);
server = new QgsServer(io_service, ep, (uint8_t)num_threads);
+ /* Allow mode to be determined by umask by default,
+ * overriding only if an explicit mode is requested
+ */
+ if (!port && mode != 0) {
+ chmod(QGS_UNIX_SOCKET_FILE, mode);
+ }
QGS_LOG_INFO("About to start main loop\n");
io_service.run();
QGS_LOG_INFO("Quit main loop\n");
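Review bot: The return value of `chmod(QGS_UNIX_SOCKET_FILE, mode)` is ignored, so if the call fails (socket not yet created at that path, path differs from what QgsServer bound, EPERM) the server keeps running with the umask-derived mode while the log line above reported the requested one, and an operator has no indication the requested mode was not applied. Every other fatal condition in main() prints a message and `exit(1)`; suggest `if (!port && mode != 0 && chmod(QGS_UNIX_SOCKET_FILE, mode) != 0) {` followed by a `cout` of `QGS_UNIX_SOCKET_FILE` and `strerror(errno)` and `exit(1);`. The mode is applied by path rather than on the listening descriptor; whether the socket is already bound when the QgsServer constructor returns is not visible in this hunk, and if it is not, chmod() would fail or act on a stale file, which the check above would at least surface. main() begins outside this hunk.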
--
2.52.0