picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

tmpfiles: make write_one_file() safe

This commit is contained in:
Franck Bui 2018-04-13 17:54:09 +02:00
parent 14ab804e14
commit 551470ecf2
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/tmpfiles/tmpfiles.c
View File

@ -1271,7 +1271,8 @@ static int path_set_attribute(Item *item, const char *path) {
}
static int write_one_file(Item *i, const char *path) {
_cleanup_close_ int fd = -1;
_cleanup_close_ int fd = -1, dir_fd = -1;
char *bn;
int r;
assert(i);
@ -1279,8 +1280,16 @@ static int write_one_file(Item *i, const char *path) {
assert(i->argument);
assert(i->type == WRITE_FILE);
/* Validate the path and keep the fd on the directory for opening the
* file so we're sure that it can't be changed behind our back. */
dir_fd = path_open_parent_safe(path);
if (dir_fd < 0)
return dir_fd;
bn = basename(path);
/* Follows symlinks */
fd = open(path, O_NONBLOCK|O_CLOEXEC|O_WRONLY|O_NOCTTY, i->mode);
fd = openat(dir_fd, bn, O_NONBLOCK|O_CLOEXEC|O_WRONLY|O_NOCTTY, i->mode);
if (fd < 0) {
if (errno == ENOENT) {
log_debug_errno(errno, "Not writing missing file \"%s\": %m", path);
@ -1296,7 +1305,7 @@ static int write_one_file(Item *i, const char *path) {
if (r < 0)
return log_error_errno(r, "Failed to write file \"%s\": %m", path);
return path_set_perms(i, path);
return fd_set_perms(i, fd, NULL);
}
static int create_file(Item *i, const char *path) {