Compare commits
No commits in common. "imports/c9-beta/oddjob-0.34.7-6.el9" and "c8" have entirely different histories.
imports/c9
...
c8
|
|
@ -0,0 +1,132 @@
|
|||
From b800e25258353dbb1a88506123c21ac3298fd2d0 Mon Sep 17 00:00:00 2001
|
||||
From: Carlos Santos <casantos@redhat.com>
|
||||
Date: Tue, 18 Oct 2022 08:59:16 -0300
|
||||
Subject: [PATCH 2/2] Always set the home directory permissions according to
|
||||
HOME_MODE
|
||||
|
||||
Currently the home directory permissions are set by taking the /etc/skel
|
||||
mode and masking it with HOME_MODE:
|
||||
|
||||
override_umask = 0777 & ~get_umask(&configured_umask, "HOME_MODE");
|
||||
stat(skel, &sb); /* performed by nftw() */
|
||||
oddjob_selinux_mkdir(newpath, sb->st_mode & ~override_umask, uid, gid);
|
||||
|
||||
The problem is that when HOME_MODE is more permissive than /etc/skel,
|
||||
the masking will not produce the desired result, e.g.
|
||||
|
||||
skel_mode = 0755
|
||||
HOME_MODE = 0775
|
||||
override_umask = 0777 & ~HOME_MODE /* 0002 */
|
||||
mode = skel_mode & ~override_umask /* 0755 & 0775 = 0755 */
|
||||
|
||||
In order to fix the problem, always use 0777 & ~override_umask for the
|
||||
top home directory.
|
||||
|
||||
Signed-off-by: Carlos Santos <casantos@redhat.com>
|
||||
Fixes: https://pagure.io/oddjob/issue/17
|
||||
---
|
||||
src/mkhomedir.c | 45 +++++++++++++++++++++------------------------
|
||||
1 file changed, 21 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/src/mkhomedir.c b/src/mkhomedir.c
|
||||
index ac813a9..932918f 100644
|
||||
--- a/src/mkhomedir.c
|
||||
+++ b/src/mkhomedir.c
|
||||
@@ -67,6 +67,7 @@ copy_single_item(const char *source, const struct stat *sb,
|
||||
{
|
||||
uid_t uid = pwd->pw_uid;
|
||||
gid_t gid = pwd->pw_gid;
|
||||
+ mode_t mode = sb->st_mode & ~override_umask;
|
||||
int sfd, dfd, i, res;
|
||||
char target[PATH_MAX + 1], newpath[PATH_MAX + 1];
|
||||
unsigned char buf[BUFSIZ];
|
||||
@@ -112,8 +113,7 @@ copy_single_item(const char *source, const struct stat *sb,
|
||||
oddjob_set_selinux_file_creation_context(newpath,
|
||||
sb->st_mode |
|
||||
S_IFREG);
|
||||
- dfd = open(newpath, O_WRONLY | O_CREAT | O_EXCL,
|
||||
- sb->st_mode & ~override_umask);
|
||||
+ dfd = open(newpath, O_WRONLY | O_CREAT | O_EXCL, mode);
|
||||
if (dfd != -1) {
|
||||
while ((i = read(sfd, buf, sizeof(buf))) > 0) {
|
||||
retry_write(dfd, buf, i);
|
||||
@@ -156,20 +156,22 @@ copy_single_item(const char *source, const struct stat *sb,
|
||||
}
|
||||
return 0;
|
||||
case FTW_D:
|
||||
- /* It's the home directory itself. Don't give it to the
|
||||
- * target user just yet to avoid potential race conditions
|
||||
- * involving symlink attacks when we copy over the skeleton
|
||||
- * tree. */
|
||||
- if (status->level == 0 && !owner_mkdir_first) {
|
||||
- uid = 0;
|
||||
- gid = 0;
|
||||
- }
|
||||
-
|
||||
/* It's a directory. Make one with the same name and
|
||||
* permissions, but owned by the target user. */
|
||||
- res = oddjob_selinux_mkdir(newpath,
|
||||
- sb->st_mode & ~override_umask,
|
||||
- uid, gid);
|
||||
+ if (status->level == 0) {
|
||||
+ /* It's the home directory itself. Use the configured
|
||||
+ * (or overriden) mode, not the source mode & umask. */
|
||||
+ mode = 0777 & ~override_umask;
|
||||
+
|
||||
+ /* Don't give it to the target user just yet to avoid
|
||||
+ * potential race conditions involving symlink attacks
|
||||
+ * when we copy over the skeleton tree. */
|
||||
+ if (!owner_mkdir_first) {
|
||||
+ uid = 0;
|
||||
+ gid = 0;
|
||||
+ }
|
||||
+ }
|
||||
+ res = oddjob_selinux_mkdir(newpath, mode, uid, gid);
|
||||
|
||||
/* on unexpected errors, or if the home directory itself
|
||||
* suddenly already exists, abort the copy operation. */
|
||||
@@ -248,12 +250,8 @@ mkhomedir(const char *user, int flags)
|
||||
|
||||
return res;
|
||||
} else {
|
||||
- if (stat(skel, &st) != 0) {
|
||||
- st.st_mode = S_IRWXU;
|
||||
- }
|
||||
if ((oddjob_selinux_mkdir(pwd->pw_dir,
|
||||
- st.st_mode &
|
||||
- ~override_umask,
|
||||
+ 0777 & ~override_umask,
|
||||
pwd->pw_uid,
|
||||
pwd->pw_gid) != 0) &&
|
||||
(errno != EEXIST)) {
|
||||
@@ -269,11 +267,11 @@ mkhomedir(const char *user, int flags)
|
||||
}
|
||||
|
||||
static mode_t
|
||||
-get_umask(int *configured, const char *variable)
|
||||
+get_umask(int *configured, const char *variable, mode_t default_value)
|
||||
{
|
||||
FILE *fp;
|
||||
char buf[BUFSIZ], *p, *end;
|
||||
- mode_t mask = umask(0777);
|
||||
+ mode_t mask = default_value;
|
||||
long tmp;
|
||||
size_t vlen = strlen(variable);
|
||||
|
||||
@@ -315,11 +313,10 @@ main(int argc, char **argv)
|
||||
|
||||
openlog(PACKAGE "-mkhomedir", LOG_PID, LOG_DAEMON);
|
||||
/* Unlike UMASK, HOME_MODE is the file mode, so needs to be reverted */
|
||||
- override_umask = 0777 & ~get_umask(&configured_umask, "HOME_MODE");
|
||||
+ override_umask = 0777 & ~get_umask(&configured_umask, "HOME_MODE", 0);
|
||||
if (configured_umask == 0) {
|
||||
- override_umask = get_umask(&configured_umask, "UMASK");
|
||||
+ override_umask = get_umask(&configured_umask, "UMASK", 022);
|
||||
}
|
||||
- umask(override_umask);
|
||||
skel_dir = "/etc/skel";
|
||||
|
||||
while ((i = getopt(argc, argv, "nqfs:u:")) != -1) {
|
||||
--
|
||||
2.38.1
|
||||
|
||||
|
|
@ -22,13 +22,15 @@
|
|||
|
||||
Name: oddjob
|
||||
Version: 0.34.7
|
||||
Release: 6%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Source0: https://releases.pagure.org/oddjob/oddjob-%{version}.tar.gz
|
||||
Source1: https://releases.pagure.org/oddjob/oddjob-%{version}.tar.gz.asc
|
||||
Patch0: oddjob-cve-2020-10737-reversal-option.patch
|
||||
Patch1: oddjob-override-mask-fix.patch
|
||||
|
||||
Summary: A D-Bus service which runs odd jobs on behalf of client applications
|
||||
License: BSD
|
||||
BuildRequires: make
|
||||
Group: System Environment/Daemons
|
||||
BuildRequires: gcc
|
||||
BuildRequires: dbus-devel >= 0.22, dbus-x11, libselinux-devel, libxml2-devel
|
||||
BuildRequires: pam-devel, pkgconfig
|
||||
|
|
@ -71,6 +73,7 @@ oddjob is a D-Bus service which performs particular tasks for clients which
|
|||
connect to it and issue requests using the system-wide message bus.
|
||||
|
||||
%package mkhomedir
|
||||
Group: System Environment/Daemons
|
||||
Summary: An oddjob helper which creates and populates home directories
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires(post): %{dbus_send}, grep, sed, psmisc
|
||||
|
|
@ -81,6 +84,7 @@ pam_oddjob_mkhomedir module to create a home directory for a user
|
|||
at login-time.
|
||||
|
||||
%package sample
|
||||
Group: System Environment/Daemons
|
||||
Summary: A sample oddjob service.
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
|
||||
|
|
@ -90,6 +94,7 @@ This package contains a trivial sample oddjob service.
|
|||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
|
||||
%build
|
||||
sample_flag=
|
||||
|
|
@ -188,7 +193,7 @@ touch -r src/oddjob-mkhomedir.conf.in $RPM_BUILD_ROOT/%{_sysconfdir}/dbus-1/syst
|
|||
|
||||
%post
|
||||
if test $1 -eq 1 ; then
|
||||
killall -HUP dbus-daemon >/dev/null 2>&1
|
||||
killall -HUP dbus-daemon 2>&1 > /dev/null
|
||||
fi
|
||||
%if %{systemd}
|
||||
%systemd_post oddjobd.service
|
||||
|
|
@ -203,7 +208,7 @@ fi
|
|||
%endif
|
||||
%if %{sysvinit}
|
||||
if [ $1 -gt 0 ] ; then
|
||||
/sbin/service oddjobd condrestart >/dev/null 2>&1 || :
|
||||
/sbin/service oddjobd condrestart 2>&1 > /dev/null || :
|
||||
fi
|
||||
%endif
|
||||
exit 0
|
||||
|
|
@ -214,7 +219,7 @@ exit 0
|
|||
%endif
|
||||
%if %{sysvinit}
|
||||
if [ $1 -eq 0 ] ; then
|
||||
/sbin/service oddjobd stop >/dev/null 2>&1
|
||||
/sbin/service oddjobd stop > /dev/null 2>&1
|
||||
/sbin/chkconfig --del oddjobd
|
||||
fi
|
||||
%endif
|
||||
|
|
@ -241,7 +246,7 @@ if grep -q %{_libdir}/%{name}/mkhomedir $cfg ; then
|
|||
sed -i 's^%{_libdir}/%{name}/mkhomedir^%{_libexecdir}/%{name}/mkhomedir^g' $cfg
|
||||
fi
|
||||
if test $1 -eq 1 ; then
|
||||
killall -HUP dbus-daemon >/dev/null 2>&1
|
||||
killall -HUP dbus-daemon 2>&1 > /dev/null
|
||||
fi
|
||||
if [ -f /var/lock/subsys/oddjobd ] ; then
|
||||
%{dbus_send} --system --dest=com.redhat.oddjob /com/redhat/oddjob com.redhat.oddjob.reload
|
||||
|
|
@ -249,47 +254,37 @@ fi
|
|||
exit 0
|
||||
|
||||
%changelog
|
||||
* Thu Aug 18 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-6
|
||||
* Fri Dec 09 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-3
|
||||
- Always set the home directory permissions according to HOME_MODE
|
||||
- Resolves: rhbz#2135793
|
||||
|
||||
* Wed Aug 17 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-2
|
||||
- Add a non-default option to revert behavior for CVE-2020-10737 fix
|
||||
- Resolved: rhbz#2119265
|
||||
- Resolved: rhbz#2050079
|
||||
|
||||
* Mon Feb 07 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-5
|
||||
- Fix stdin redirection in RPM scripts
|
||||
Resolves: rhbz#2041585
|
||||
* Mon Dec 14 18:38:43 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-1
|
||||
- Upstream release 0.34.7
|
||||
- Force LC_ALL=C.UTF-8 in oddjobd systemd service environment
|
||||
- Resolves: rhbz#1907481 - oddjob locale issue
|
||||
- Resolves: rhbz#1907541 - rebase oddjob to 0.34.7
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.34.7-4
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
* Thu Oct 08 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.5-4
|
||||
- Rebuild against RHEL 8.4.0
|
||||
Resolves: rhbz#1886433
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.34.7-3
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
* Thu Oct 08 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.5-3
|
||||
- Support HOME_MODE from /etc/login.defs
|
||||
Resolves: rhbz#1886433
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.34.7-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
* Fri May 08 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.5-2
|
||||
- Add gating tests using idm:DL1 module stream and upstream tests
|
||||
Resolves: rhbz#1682457
|
||||
|
||||
* Mon Dec 14 22:09:29 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-1
|
||||
- upstream release 0.34.7
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.34.6-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Thu May 7 2020 Nalin Dahyabhai <nalin@redhat.com> - 0.34.6-1
|
||||
- update license on src/buffer.h
|
||||
- change /var/run -> /run in systemd service file (Orion Poplawski)
|
||||
|
||||
* Thu May 7 2020 Nalin Dahyabhai <nalin@redhat.com> - 0.34.5-1
|
||||
- apply patch from Matthias Gerstner of the SUSE security team to fix a
|
||||
possible race condition in the mkhomedir helper (CVE-2020-10737)
|
||||
- only process SELinux contexts if SELinux is not disabled (Alexander Bokovoy)
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.34.4-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.34.4-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.34.4-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
* Fri May 08 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.5-1
|
||||
- Upstream release 0.34.5
|
||||
- Resolves: rhbz#1833289 - Rebase oddjob to 0.34.5
|
||||
- Resolves: rhbz#1833052 - CVE-2020-10737
|
||||
oddjob: race condition in oddjob_selinux_mkdir function in mkhomedir.c can lead to symlink attack
|
||||
|
||||
* Tue Dec 4 2018 Nalin Dahyabhai <nalin@redhat.com> - 0.34.4-7
|
||||
- Drop Python 2 build-time dependency, which hasn't been used since we turned
|
||||
|
|
|
|||
Loading…
Reference in New Issue