Age | Commit message (Collapse) | Author |
|
This is related to #195.
This is an attempt to shorten the window for the first two issues
discussed by using a file descriptor which does not follow symbolic
links and using the fchmod and fchown calls instead of chown and chmod.
with.
|
|
X-Gentoo-Bug: 643084
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=643084
|
|
Checkpath should never follow symbolic links when changing ownership of a file.
This is for https://github.com/openrc/openrc/issues/195.
|
|
We were attempting to include rc.h in rc-misc.h instead of the source
files where it should be included.
|
|
This eliminates the need for the selinux-specific wrapper scrript we
were installing in /lib*/rc/{bin,sbin}.
|
|
In the past, OpenRC was a hybrid of a centralized and file-scope
license/copyright structure.
I followed the instructions from the Software Freedom Law Center [1] to
convert to a Centralized structure where possible, for easier future
maintenance.
[1] https://softwarefreedom.org/resources/2012/ManagingCopyrightInformation.html
|
|
|
|
If selinux is disabled, then stub methods will be provided instead of
calling the real methods. This removes some warnings about unused
parameters which used to be covered up with #ifdef HAVE_SELINUX.
Signed-off-by: Jason Zaman <jason@perfinion.com>
|
|
|
|
This is another security fix. If you use chown() or chmod() on a
symbolic link, it affects the referenced file, not the symbolic link
itself.
X-Gentoo-Bug: 540006
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=540006
|
|
|
|
Do not change permissions on the target if it is a file and has multiple
hard links. This is necessary because a hard link can be an attack
vector to gain privilege escalation.
X-Gentoo-Bug: 540006
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=540006
|
|
The stat structure was not being initialized correctly in do_check. This
was causing the owner adjustment to be skipped if the first path had the
correct owner.
Also, the "correcting owner" message should always be printed when the
owner is being changed.
X-Gentoo-Bug: 518042
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=518042
|
|
|
|
|
|
The name rc-selinux-util.* is a bit long, so I renamed the source files
to rc-selinux.*
X-Gentoo-Bug: 516956
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=516956
|
|
X-Gentoo-Bug: 516956
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=516956
|
|
The -W option does not need an argument of its own; it can take the
first path after all other options are processed on the command line.
Also, move the processing for the -W option out of the switch so it will
be in the same loop as the other processing.
|
|
|
|
Before this commit, not specifying -d, -f, -p or -W in a checkpath
command meant the command exited successfully but actually did nothing.
This is an error condition, so report it as such.
|
|
Checkpath was printing the path it was working with unless it was
correcting the owner. In this case, it was printing "checkpath", which
is not very useful.
Reported-by: <devurandom@gmx.net>
X-Gentoo-Bug: 439014
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=439014
|
|
Use true/false for bool values instead of 0/1.
Reported-by: <vapier@gentoo.org>
|
|
Fix checkpath so that it only changes the owner/group if -o is on the
command line.
Reported-by: <flameeyes@gentoo.org>
X-Gentoo-Bug: 437560
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=437560
|
|
Checkpath -W will use access(3p) to determine whether or not a path is
writable. This is more accurate than test(1p) because it also takes into
account whether or not the filesystem is mounted read-only.
Modified by William Hubbs to add the man page update.
|
|
during initial creation of files as well as potentially changing permissions later. Also do not abort if the items exist already, per truncate rules in tmpfiles.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
|
|
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
|
|
them. Some BSD libc implementations may have one or the other flag, but not both.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
|
|
This reverts commit 30a565f80d6056ccabadf77e347cf17067133f7e.
|
|
The following information is taken from the feature_test_macros man
page:
<features.h> is a Linux/glibc-specific header file. Other systems have
an analogous file, but typically with a different name. This header
file is automatically included by other header files as required: it is
not necessary to explicitly include it in order to employ feature test
macros.
Reported-by: Tibor Vago <tibor.vago@gmail.com>
X-Gentoo-Bug: 399635
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=399635
|
|
This commit provides the checkpath applet with feature parity to
systemd's tmpfiles.c create_item function.
Very similarly to the systemd function, it does NOT do any of the
cleanup work in this function.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
|
|
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
from queue(3). Refactor code style around the BSD KNF.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|