You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30 lines
1.1 KiB
30 lines
1.1 KiB
From 616db6ddcacd25e4c3a771cd317373971c9055ed Mon Sep 17 00:00:00 2001 |
|
From: =?UTF-8?q?Mantas=20Mikul=C4=97nas?= <grawity@gmail.com> |
|
Date: Fri, 29 Jan 2016 23:36:08 +0200 |
|
Subject: [PATCH] basic: fix touch() creating files with 07777 mode |
|
|
|
mode_t is unsigned, so MODE_INVALID < 0 can never be true. |
|
|
|
This fixes a possible DoS where any user could fill /run by writing to |
|
a world-writable /run/systemd/show-status. |
|
|
|
Cherry-picked from: 06eeacb6fe029804f296b065b3ce91e796e1cd0e |
|
Resolves: #1416062 |
|
--- |
|
src/shared/util.c | 3 ++- |
|
1 file changed, 2 insertions(+), 1 deletion(-) |
|
|
|
diff --git a/src/shared/util.c b/src/shared/util.c |
|
index 66729f70e5..1070e32c4a 100644 |
|
--- a/src/shared/util.c |
|
+++ b/src/shared/util.c |
|
@@ -3908,7 +3908,8 @@ int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gi |
|
if (parents) |
|
mkdir_parents(path, 0755); |
|
|
|
- fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode > 0 ? mode : 0644); |
|
+ fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, |
|
+ (mode == 0 || mode == MODE_INVALID) ? 0644 : mode); |
|
if (fd < 0) |
|
return -errno; |
|
|
|
|