[fedfs-utils] [PATCH] libnsdb: set file mode on open(..., O_CREAT)
Jeff Layton
jlayton at poochiereds.net
Fri Jul 29 05:06:24 PDT 2011
On Wed, 27 Jul 2011 10:53:47 -0400
Chuck Lever <chucklever at gmail.com> wrote:
> On Mon, Jul 11, 2011 at 7:57 AM, Jeff Layton <jlayton at poochiereds.net> wrote:
> > On Sun, 10 Jul 2011 22:13:37 +0100
> > Chuck Lever <chucklever at gmail.com> wrote:
> >
> >> On Thu, Jul 7, 2011 at 9:33 PM, Jeff Layton <jlayton at redhat.com> wrote:
> >> > open(2) with O_CREAT requires the caller to provide a mode.
> >>
> >> Interesting. I assumed that the gcc system headers would flag
> >> something like this and warn, but I haven't seen such a warning.
> >>
> >
> > It does warn, but you may have to set a -D compiler flag. This bug
> > caused the build to fail via rpmbuild.
>
> I'm applying this and releasing 0.6.5 soon, to enable RPM packaging
> work to continue.
>
> Do you perhaps have the compiler flag that exposes this? I'd like to
> consider including it in the default compiler options for fedfs-utils.
> Also, can you provide the compiler error listing?
>
> >> > (Chuck: Does 0666 make sense here?)
> >>
> >> /me pages in just enough to answer...
> >>
> >> I've confirmed with an RH-local LDAP expert that we should drop cert
> >> files into a directory under /var/lib/fedfs. Such a directory would
> >> be owned by the FEDFS user and group.
> >>
> >> Right now this function is invoked by the nsdbparams command, running
> >> as root; and the rpc.fedfsd server, running with dropped privileges as
> >> the FEDFS user and group. These programs can create, replace, or
> >> delete these cert files.
> >>
> >> Cert files will be read by user processes that handle junction
> >> resolution, and by NSDB administrative programs... these programs run
> >> as normal users, no guarantee that they will have any kind of special
> >> privileges.
> >>
> >> Thus I think cert files should be owned by the FEDFS user and group
> >> whether this function is invoked by a root caller or a caller running
> >> as the FEDFS user and group. A cert file can be readable, but should
> >> not be writeable, by the world.
> >>
> >> I doubt the function works quite this way right at the moment. This
> >> is one of the areas that still needs to be completed.
> >>
> >> Another concern is how to tag these files with the correct SELinux
> >> contexts as they are created...
> >>
> >> > Signed-off-by: Jeff Layton <jlayton at redhat.com>
> >> > ---
> >> > src/libnsdb/nsdb.c | 2 +-
> >> > 1 files changed, 1 insertions(+), 1 deletions(-)
> >> >
> >> > diff --git a/src/libnsdb/nsdb.c b/src/libnsdb/nsdb.c
> >> > index cad92eb..00be913 100644
> >> > --- a/src/libnsdb/nsdb.c
> >> > +++ b/src/libnsdb/nsdb.c
> >> > @@ -532,7 +532,7 @@ nsdb_new_certfile(const char *certdata, const unsigned int certlen,
> >> > goto out;
> >> > }
> >> >
> >> > - fd = open(pathbuf, O_WRONLY | O_SYNC | O_CREAT | O_EXCL);
> >> > + fd = open(pathbuf, O_WRONLY | O_SYNC | O_CREAT | O_EXCL, 0666);
> >> > if (fd == -1) {
> >> > xlog(D_GENERAL, "%s: Failed to open %s: %m",
> >> > __func__, pathbuf);
> >>
> >
> >
> > --
> > Jeff Layton <jlayton at poochiereds.net>
> >
Here's an excerpt from the build with RPM:
gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../.. -I. -I../../src/include -ggdb -fstrict-aliasing -fpie -Wall -Wextra -pedantic -Wformat=2 -Wstrict-aliasing=2 -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -c nsdb.c
gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../.. -I. -I../../src/include -ggdb -fstrict-aliasing -fpie -Wall -Wextra -pedantic -Wformat=2 -Wstrict-aliasing=2 -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -c sqlite.c
In file included from /usr/include/fcntl.h:267:0,
from nsdb.c:39:
In function 'open',
inlined from 'nsdb_new_certfile' at nsdb.c:535:5:
/usr/include/bits/fcntl2.h:51:24: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT in second argument needs 3 arguments
I think the -D_FORTIFY_SOURCE=2 is what makes this check happen.
--
Jeff Layton <jlayton at poochiereds.net>
More information about the fedfs-utils-devel
mailing list