102c73f31a
- fix pkcsconf crash for non-root users (#10054661) - the libs subpackage must care of creating the pkcs11 group, it's the first to be installed
60 lines
1.8 KiB
Diff
60 lines
1.8 KiB
Diff
From 95064291fe13d4ed98e195946d931fe779f8a48f Mon Sep 17 00:00:00 2001
|
|
From: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
|
Date: Fri, 17 Jan 2014 10:33:19 -0600
|
|
Subject: [PATCH] Problem: A regular user in pkcs11 group cannot issue pkcsconf
|
|
-t. When shm_open() creates shared memory object, it honors umask of the
|
|
caller. This patch ensures the shared memory has expected permissions when it
|
|
is created.
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
|
Signed-off-by: Dan Horák <dan@danny.cz>
|
|
---
|
|
usr/lib/pkcs11/common/shared_memory.c | 27 ++++++++++++++++++++++-----
|
|
1 file changed, 22 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/usr/lib/pkcs11/common/shared_memory.c b/usr/lib/pkcs11/common/shared_memory.c
|
|
index a8710c5..bf0411d 100644
|
|
--- a/usr/lib/pkcs11/common/shared_memory.c
|
|
+++ b/usr/lib/pkcs11/common/shared_memory.c
|
|
@@ -161,12 +161,29 @@ sm_open(const char *sm_name, int mode, void **p_addr, size_t len, int force)
|
|
goto done;
|
|
}
|
|
|
|
- fd = shm_open(name, O_RDWR | O_CREAT, mode);
|
|
+ /* try and open first... */
|
|
+ fd = shm_open(name, O_RDWR, mode);
|
|
if (fd < 0) {
|
|
- rc = -errno;
|
|
- SYS_ERROR(errno, "Failed to open shared memory \"%s\".\n",
|
|
- name);
|
|
- goto done;
|
|
+ /* maybe it needs to be created ... */
|
|
+ fd = shm_open(name, O_RDWR | O_CREAT, mode);
|
|
+ if (fd < 0) {
|
|
+ rc = -errno;
|
|
+ SYS_ERROR(errno,
|
|
+ "Failed to open shared memory \"%s\".\n",
|
|
+ name);
|
|
+ goto done;
|
|
+ } else {
|
|
+ /* umask may have altered permissions if we created
|
|
+ * the shared memory in above call, so set proper
|
|
+ * permissions just in case.
|
|
+ */
|
|
+ if (fchmod(fd, mode) == -1) {
|
|
+ rc = -errno;
|
|
+ SYS_ERROR(errno, "fchmod(%s): %s\n",
|
|
+ name, strerror(errno));
|
|
+ goto done;
|
|
+ }
|
|
+ }
|
|
}
|
|
|
|
/*
|
|
--
|
|
1.8.1.4
|
|
|