author | Mantas Mikulėnas <grawity@gmail.com> | 2016-01-29 23:36:08 +0200 |
---|---|---|
committer | Mantas Mikulėnas <grawity@gmail.com> | 2016-01-29 23:41:09 +0200 |
commit | 06eeacb6fe029804f296b065b3ce91e796e1cd0e (patch) | |
tree | a8e169f11350d4c34338c142f92e8d45bc95313d /src/basic | |
parent | 7d82cd4d53f88402edc923f5020c9ad22f9dc154 (diff) |
basic: fix touch() creating files with 07777 mode
mode_t is unsigned, so MODE_INVALID < 0 can never be true.
This fixes a possible DoS where any user could fill /run by writing to
a world-writable /run/systemd/show-status.
Diffstat (limited to 'src/basic')
-rw-r--r-- | src/basic/fs-util.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c
index d31bd6e273..61b651b573 100644
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@@ -341,7 +341,8 @@ int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gi
 if (parents)
 mkdir_parents(path, 0755);
- fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode > 0 ? mode : 0644);
+ fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY,
+ (mode == 0 || mode == MODE_INVALID) ? 0644 : mode);
 if (fd < 0)
 return -errno; |
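Review bot: The corrected mode expression in the `open()` call only takes effect when the file is newly created, because `O_CREAT` ignores its mode argument for a path that already exists; a file left behind with mode 07777 by the old expression keeps that mode unless code outside this hunk resets it. touch_file() continues past the hunk, so whether an `fchmod()` follows in the `MODE_INVALID` case is not visible here; if none does, consider clamping the permissions of an existing file there, or documenting that such files have to be fixed up or removed separately. A short comment above the call would also keep the comparison from regressing, e.g. `/* mode_t is unsigned, so MODE_INVALID must be compared explicitly; "mode > 0" is true for it */`.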