[PATCH] elfcompress: Swap fchmod and fchown calls on new file.

public inbox for elfutils@sourceware.org
 help / color / mirror / Atom feed

* [PATCH] elfcompress: Swap fchmod and fchown calls on new file.
@ 2018-07-21 14:56 Mark Wielaard
       [not found] ` <CAFMg4WAjQrx0ZSH80o0kmkfcjkQkhrLMmJ0PMKEF8t+kx1-gZQ@mail.gmail.com>
  0 siblings, 1 reply; 2+ messages in thread
From: Mark Wielaard @ 2018-07-21 14:56 UTC (permalink / raw)
  To: elfutils-devel; +Cc: Igor Gnatenko, Mark Wielaard

Calling fchmod with a suid bit on a file might silently fail or the suid
bit might be slilently cleared by a call to fchown if already set. Swap
the calls so that the owner is set first and then set the suid bit.

https://bugzilla.redhat.com/show_bug.cgi?id=1607044

Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 src/ChangeLog     |  4 ++++
 src/elfcompress.c | 11 +++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index e0f1b51..0e9ab30 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2018-07-21  Mark Wielaard  <mark@klomp.org>
+
+	* elfcompress.c (process_file): Swap fchmod and fchown calls.
+
 2018-07-04  Mark Wielaard  <mark@klomp.org>
 
 	* readelf.c (print_debug_addr_section): Rename index var to uidx.
diff --git a/src/elfcompress.c b/src/elfcompress.c
index bdb0e3b..1a0f984 100644
--- a/src/elfcompress.c
+++ b/src/elfcompress.c
@@ -1235,13 +1235,16 @@ process_file (const char *fname)
   elf_end (elfnew);
   elfnew = NULL;
 
-  /* Try to match mode and owner.group of the original file.  */
-  if (fchmod (fdnew, st.st_mode & ALLPERMS) != 0)
-    if (verbose >= 0)
-      error (0, errno, "Couldn't fchmod %s", fnew);
+  /* Try to match mode and owner.group of the original file.
+     Note to set suid bits we have to make sure the owner is setup
+     correctly first. Otherwise fchmod will drop them silently
+     or fchown may clear them.  */
   if (fchown (fdnew, st.st_uid, st.st_gid) != 0)
     if (verbose >= 0)
       error (0, errno, "Couldn't fchown %s", fnew);
+  if (fchmod (fdnew, st.st_mode & ALLPERMS) != 0)
+    if (verbose >= 0)
+      error (0, errno, "Couldn't fchmod %s", fnew);
 
   /* Finally replace the old file with the new file.  */
   if (foutput == NULL)
-- 
1.8.3.1

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] elfcompress: Swap fchmod and fchown calls on new file.
       [not found] ` <CAFMg4WAjQrx0ZSH80o0kmkfcjkQkhrLMmJ0PMKEF8t+kx1-gZQ@mail.gmail.com>
@ 2018-07-22  8:07   ` Mark Wielaard
  0 siblings, 0 replies; 2+ messages in thread
From: Mark Wielaard @ 2018-07-22  8:07 UTC (permalink / raw)
  To: Igor Gnatenko; +Cc: elfutils-devel

On Sat, Jul 21, 2018 at 05:05:43PM +0200, Igor Gnatenko wrote:
> On Sat, Jul 21, 2018 at 4:56 PM Mark Wielaard <mark@klomp.org> wrote:
> 
> > Calling fchmod with a suid bit on a file might silently fail or the suid
> > bit might be slilently cleared by a call to fchown if already set. Swap
> > the calls so that the owner is set first and then set the suid bit.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1607044
> 
> Reported-and-tested-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>

Thanks for testing.
Pushed to master.

Cheers,

Mark

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2018-07-22  8:07 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-21 14:56 [PATCH] elfcompress: Swap fchmod and fchown calls on new file Mark Wielaard
     [not found] ` <CAFMg4WAjQrx0ZSH80o0kmkfcjkQkhrLMmJ0PMKEF8t+kx1-gZQ@mail.gmail.com>
2018-07-22  8:07   ` Mark Wielaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).