authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2013-03-20 01:38:28 -0400
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2013-03-20 14:08:41 -0400
commitd34cd374905a40e65769351a2808b741b5418bf1 (patch)
tree5dbd6761c13de63a6d5b1c0733d82990abb46aef /src/shared
parent1f048a6b6bcc30d2e157711b3d231d7a944e6ffb (diff)
Make PrivateTmp dirs also inaccessible from the outside
Currently, PrivateTmp=yes means that the service cannot see the /tmp shared by the rest of the system and is isolated from other services using PrivateTmp, but users can access and modify /tmp as seen by the service. Move the private /tmp and /var/tmp directories into a 0077-mode directory. This way unprivileged users on the system cannot see (or modify) /tmp as seen by the service.
Diffstat (limited to 'src/shared')
-rw-r--r--src/shared/util.c53
-rw-r--r--src/shared/util.h2
2 files changed, 29 insertions, 26 deletions
diff --git a/src/shared/util.c b/src/shared/util.c
index 34c5330838..bdef9f0431 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -5683,46 +5683,49 @@ int search_and_fopen_nulstr(const char *path, const char *mode, const char *sear
return search_and_fopen_internal(path, mode, s, _f);
}
-int create_tmp_dir(char template[], mode_t mask, bool need_sticky, char** dir_name) {
+int create_tmp_dir(char template[], char** dir_name) {
int r = 0;
- char *d = NULL;
- bool remove = false;
+ char *d, *dt;
mode_t _cleanup_umask_ u;
assert(dir_name);
- u = umask(mask);
+ u = umask(0077);
d = mkdtemp(template);
if (!d) {
- r = -errno;
- log_debug("Can't create directory");
- goto fail;
+ log_error("Can't create directory %s: %m", template);
+ return -errno;
}
- remove = true;
-
- log_debug("Created temporary directory : %s", template);
-
- d = strdup(template);
- if (!d) {
+ dt = strjoin(d, "/tmp", NULL);
+ if (!dt) {
r = log_oom();
- goto fail;
+ goto fail2;
}
- if (need_sticky) {
- r = chmod(template, 0777 | S_ISVTX);
- if (r < 0) {
- r = -errno;
- goto fail;
- }
- log_debug("Setting sticky bit on : %s", template);
+ umask(0000);
+ r = mkdir(dt, 0777);
+ if (r) {
+ log_error("Can't create directory %s: %m", dt);
+ r = -errno;
+ goto fail1;
+ }
+ log_debug("Created temporary directory %s", dt);
+
+ r = chmod(dt, 0777 | S_ISVTX);
+ if (r < 0) {
+ log_error("Failed to chmod %s: %m", dt);
+ r = -errno;
+ goto fail1;
}
+ log_debug("Set sticky bit on %s", dt);
- *dir_name = d;
+ *dir_name = dt;
return 0;
-fail:
- if (remove)
- rmdir(template);
+fail1:
+ rmdir(dt);
+fail2:
+ rmdir(template);
return r;
}
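Review bot: On the `fail1` path the string `dt` allocated by `strjoin` is never freed: the label only calls `rmdir(dt);` before falling through to `fail2`, so `free(dt);` should follow it. All three error branches also read `errno` after calling `log_error(... %m ...)` (`return -errno;` after `mkdtemp`, `r = -errno;` after `mkdir` and `chmod`). Unless the logging call is guaranteed to preserve `errno`, which this hunk does not show, the returned code can be wrong or even 0, so assign `r = -errno;` before logging. The isolation now depends entirely on the outer `mkdtemp` directory staying owner-only while the inner directory is world-writable with the sticky bit, so a short comment at `u = umask(0077);` should say that the parent must not be chmod'ed or chown'ed later. Because `*dir_name` now holds the inner path, the function's documentation should also tell callers that cleanup has to remove the parent directory as well.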
diff --git a/src/shared/util.h b/src/shared/util.h
index 4be0b61773..7c032b6b62 100644
--- a/src/shared/util.h
+++ b/src/shared/util.h
@@ -579,7 +579,7 @@ int on_ac_power(void);
int search_and_fopen(const char *path, const char *mode, const char **search, FILE **_f);
int search_and_fopen_nulstr(const char *path, const char *mode, const char *search, FILE **_f);
-int create_tmp_dir(char template[], mode_t mask, bool need_sticky, char** dir_name);
+int create_tmp_dir(char template[], char** dir_name);
#define FOREACH_LINE(line, f, on_error) \
for (;;) \