[PATCH 27/84] policycoreutils: seunshare: NO NO 100 times NO CHECK


 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


   This patch looks good to me. acked.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlD+pdkACgkQrlYvE4MpobMNlwCffYi98l7VaYGb2Pqq6BQ4fwvD
UpQAoI4UkgSLvpEkAWtdeeN/wPVuo05B
=chf/
-----END PGP SIGNATURE-----
>From 45d35b65d07c2cc9245b88d9fb709e0b72580288 Mon Sep 17 00:00:00 2001
From: rhatdan <dwalsh@xxxxxxxxxx>
Date: Wed, 26 Sep 2012 11:00:56 -0400
Subject: [PATCH 27/84] policycoreutils: seunshare: NO NO 100 times NO  CHECK
 the return!!!

WTF.

The compiler will not allow me to compile the code without checking the return code of setfsuid. setfsuid does not return a valid return code, so I am checking just for -1, which should never happen. The second part of the patch adds better output for the error string.
---
 policycoreutils/sandbox/seunshare.c | 37 ++++++++++++++++++++++++++-----------
 1 file changed, 26 insertions(+), 11 deletions(-)

diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
index 3bb3c4b..d16e331 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -31,6 +31,12 @@
 #include <selinux/context.h>	/* for context-mangling functions */
 #include <dirent.h>
 
+
+/*
+ * Note setfsuid never returns an error code.  But the compiler complains if 
+ * I do not check, so I am checking for -1, which should never happen.
+ */
+
 #ifdef USE_NLS
 #include <locale.h>		/* for setlocale() */
 #include <libintl.h>		/* for gettext() */
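Review bot: The added comment sits between the include block and `#ifdef USE_NLS`, far from any setfsuid() call, so a reader of cleanup_tmpdir, create_tmpdir or main will not find it where the checks are. It would also help to say what the call does return rather than only that it "never returns an error code", for example `/* setfsuid() returns the previous fsuid on success and on failure; the "< 0" tests below only satisfy the unused-result warning and do not detect a failed switch. */`. Placing that text directly above the first check, or above a small wrapper if one is introduced, keeps the caveat next to the code it qualifies.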
@@ -617,12 +623,15 @@ static int cleanup_tmpdir(const char *tmpdir, const char *src,
 	free(cmdbuf); cmdbuf = NULL;
 
 	/* remove runtime temporary directory */
-	setfsuid(0);
+	if (setfsuid(0) < 0) 
+		rc++;
+
 	if (rmdir(tmpdir) == -1)
 		fprintf(stderr, _("Failed to remove directory %s: %s\n"), tmpdir, strerror(errno));
-	setfsuid(pwd->pw_uid);
+	if (setfsuid(pwd->pw_uid) < 0) 
+		rc++;
 
-	return 0;
+	return rc;
 }
 
 /**
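Review bot: The `setfsuid(0) < 0` and `setfsuid(pwd->pw_uid) < 0` tests cannot detect a failed switch, because setfsuid() hands back the previous fsuid whether or not the change took effect; the same holds for every `< 0` check added in the create_tmpdir and main hunks below. This code alternates between fsuid 0 and the user's uid, so the case worth catching is the switch to the user's fsuid silently not happening and later file operations running with more access than intended. The documented way to confirm the result is a follow-up `setfsuid(-1)`, which changes nothing and reports the current fsuid, compared against the requested uid, as in the helper sketched below. Separately, `return rc` replaces an unconditional `return 0` and rc is assigned outside this hunk (cleanup_tmpdir starts above it), so it is worth confirming that callers expect a non-zero value here and that `rc++` cannot move a negative rc back to 0.

```c
/* setfsuid() returns the previous fsuid whether or not the switch happened,
 * so confirm the result with a second call that cannot change anything. */
static int set_fsuid_checked(uid_t uid)
{
	if (setfsuid(uid) < 0)	/* keeps the unused-result warning quiet */
		return -1;
	return ((uid_t)setfsuid(-1) == uid) ? 0 : -1;
}

/* … unchanged: cleanup_tmpdir body up to "remove runtime temporary directory" … */
	if (set_fsuid_checked(0) < 0)
		rc++;
/* … unchanged: rmdir(tmpdir) and its error message … */
	if (set_fsuid_checked(pwd->pw_uid) < 0)
		rc++;
```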
@@ -642,7 +651,9 @@ static char *create_tmpdir(const char *src, struct stat *src_st,
 
 	/* get selinux context */
 	if (execcon) {
-		setfsuid(pwd->pw_uid);
+		if (setfsuid(pwd->pw_uid) < 0) 
+			goto err;
+
 		if ((fd_s = open(src, O_RDONLY)) < 0) {
 			fprintf(stderr, _("Failed to open directory %s: %s\n"), src, strerror(errno));
 			goto err;
@@ -661,7 +672,8 @@ static char *create_tmpdir(const char *src, struct stat *src_st,
 		}
 
 		/* ok to not reach this if there is an error */
-		setfsuid(0);
+		if (setfsuid(0) < 0) 
+			goto err;
 	}
 
 	if (asprintf(&tmpdir, "/tmp/.sandbox-%s-XXXXXX", pwd->pw_name) == -1) {
@@ -716,14 +728,16 @@ static char *create_tmpdir(const char *src, struct stat *src_st,
 		}
 	}
 
-	setfsuid(pwd->pw_uid);
+	if (setfsuid(pwd->pw_uid) < 0) 
+		goto err;
 
 	if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
 		goto err;
 	}
 
 	/* ok to not reach this if there is an error */
-	setfsuid(0);
+	if (setfsuid(0) < 0) 
+		goto err;
 
 	if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
 		fprintf(stderr, _("Failed to populate runtime temporary directory\n"));
@@ -916,7 +930,8 @@ int main(int argc, char **argv) {
 	/* Changing fsuid is usually required when user-specified directory is
 	 * on an NFS mount.  It's also desired to avoid leaking info about
 	 * existence of the files not accessible to the user. */
-	setfsuid(uid);
+	if (setfsuid(uid) < 0) 
+		return -1;
 
 	/* verify homedir and tmpdir */
 	if (homedir_s && (
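Review bot: The new `return -1` after `setfsuid(uid)` exits without any diagnostic, as do the `return -1` and `goto childerr` added in the two main hunks that follow, whereas the setexeccon failure path in the last hunk prints a message before bailing out. setfsuid() is documented as giving no error indication, so errno is not meaningful here and a fixed string is enough, e.g. `fprintf(stderr, _("Failed to set filesystem uid\n"));` before each exit. As a style point, the one-line form `if (setfsuid(0) < 0) return -1;` in the next hunk differs from the two-line form used in the rest of the patch, and several added `if (...)` lines carry trailing whitespace. main's body starts and ends outside this hunk.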
@@ -925,7 +940,7 @@ int main(int argc, char **argv) {
 	if (tmpdir_s && (
 		verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 ||
 		check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1;
-	setfsuid(0);
+	if (setfsuid(0) < 0) return -1;
 
 	/* create runtime tmpdir */
 	if (tmpdir_s && (tmpdir_r = create_tmpdir(tmpdir_s, &st_tmpdir_s,
@@ -959,7 +974,7 @@ int main(int argc, char **argv) {
 		}
 
 		/* assume fsuid==ruid after this point */
-		setfsuid(uid);
+		if (setfsuid(uid) < 0) goto childerr;
 
 		/* mount homedir and tmpdir, in this order */
 		if (homedir_s && seunshare_mount(homedir_s, pwd->pw_dir,
@@ -1005,7 +1020,7 @@ int main(int argc, char **argv) {
 
 		/* selinux context */
 		if (execcon && setexeccon(execcon) != 0) {
-			fprintf(stderr, _("Could not set exec context to %s.\n"), execcon);
+			fprintf(stderr, _("Could not set exec context to %s. %s\n"), execcon, strerror(errno));
 			goto childerr;
 		}
 
-- 
1.8.1

