Replace access() calls with euidaccess(), build with -D_GNU_SOURCE (600636#c9)

2013-06-03 12:37:32 +02:00 · 2013-06-03 12:37:32 +02:00 · 02d51bb1b1
commit 02d51bb1b1
parent 1802b95895
2 changed files with 51 additions and 4 deletions
--- a/lockdev-euidaccess.patch
+++ b/lockdev-euidaccess.patch
@ -0,0 +1,39 @@
+diff -up lockdev-scm-2011-10-07/src/lockdev.c.access lockdev-scm-2011-10-07/src/lockdev.c
+--- lockdev-scm-2011-10-07/src/lockdev.c.access	2011-07-22 09:37:10.000000000 +0200
+++ lockdev-scm-2011-10-07/src/lockdev.c	2013-06-03 12:34:16.870750845 +0200
+@@ -616,7 +616,10 @@ dev_lock (const char *devname)
+ 	if ( stat( device, &statbuf) == -1 ) {
+ 		close_n_return(-errno);
+ 	}
+-	if ( access( device, W_OK ) == -1 ) {
+	/* check that the caller has write permission to the device
+	 * to prevent denial-of-service attack by unauthorized users
+	 */
+	if ( euidaccess( device, W_OK ) == -1 ) {
+ 		close_n_return(-errno);
+ 	}
+ 
+@@ -780,7 +783,10 @@ dev_relock (const char  *devname,
+ 	if ( stat( device, &statbuf) == -1 ) {
+ 		close_n_return(-errno);
+ 	}
+-	if ( access( device, W_OK ) == -1 ) {
+	/* check that the caller has write permission to the device
+	 * to prevent denial-of-service attack by unauthorized users
+	 */
+	if ( euidaccess( device, W_OK ) == -1 ) {
+ 		close_n_return(-errno);
+ 	}
+ 
+@@ -870,7 +876,10 @@ dev_unlock (const char *devname,
+ 	if ( stat( device, &statbuf) == -1 ) {
+ 		close_n_return(-errno);
+ 	}
+-	if ( access( device, W_OK ) == -1 ) {
+	/* check that the caller has write permission to the device
+	 * to prevent denial-of-service attack by unauthorized users
+	 */
+	if ( euidaccess( device, W_OK ) == -1 ) {
+ 		close_n_return(-errno);
+ 	}
+ 
--- a/lockdev.spec
+++ b/lockdev.spec
@ -10,7 +10,7 @@
 Summary: A library for locking devices
 Name: lockdev
 Version: 1.0.4
-Release: 0.6.%{checkout}%{?dist}
+Release: 0.7.%{checkout}%{?dist}
 License: LGPLv2
 Group: System Environment/Libraries
 URL: https://alioth.debian.org/projects/lockdev/
@ -19,6 +19,8 @@ URL: https://alioth.debian.org/projects/lockdev/
 # https://alioth.debian.org/snapshots.php?group_id=100443
 Source0: lockdev-%{version}.%{checkout}.tar.gz

+Patch1: lockdev-euidaccess.patch
+
 Requires(pre): shadow-utils
 Requires(post): glibc
 Requires(postun): glibc
@ -48,6 +50,9 @@ package contains the development headers.
 %prep
 %setup -q -n lockdev-scm-%{co_date}

+# Replace access() calls with euidaccess() (600636#c9)
+%patch1 -p1 -b .access
+
 %build
 # Generate version information from git release tag
 ./scripts/git-version > VERSION
@ -58,7 +63,7 @@ touch ChangeLog
 # Bootstrap autotools
 autoreconf --verbose --force --install

-CFLAGS="${RPM_OPT_FLAGS} -D_PATH_LOCK=\\\"%{_lockdir}\\\"" \
+CFLAGS="${RPM_OPT_FLAGS} -D_GNU_SOURCE -D_PATH_LOCK=\\\"%{_lockdir}\\\"" \
 %configure --disable-static --enable-helper

 make %{?_smp_mflags}
@ -66,9 +71,9 @@ make %{?_smp_mflags}
 %install
 make install DESTDIR=%{buildroot}

-rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
+rm -f %{buildroot}%{_libdir}/*.la

-mkdir -p $RPM_BUILD_ROOT%{_lockdir}
+mkdir -p %{buildroot}%{_lockdir}

 %pre
 getent group lock >/dev/null || groupadd -g 54 -r -f lock
@ -92,6 +97,9 @@ exit 0
 %{_includedir}/*

 %changelog
+* Mon Jun 03 2013 Jiri Popelka <jpopelka@redhat.com> - 1.0.4-0.7.20111007git
+- Replace access() calls with euidaccess(), build with -D_GNU_SOURCE (600636#c9)
+
 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.4-0.6.20111007git
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild