diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-03-20 01:38:28 -0400 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-03-20 14:08:41 -0400 |
commit | d34cd374905a40e65769351a2808b741b5418bf1 (patch) | |
tree | 5dbd6761c13de63a6d5b1c0733d82990abb46aef /src/shared | |
parent | 1f048a6b6bcc30d2e157711b3d231d7a944e6ffb (diff) |
Make PrivateTmp dirs also inaccessible from the outside
Currently, PrivateTmp=yes means that the service cannot see the /tmp
shared by rest of the system and is isolated from other services using
PrivateTmp, but users can access and modify /tmp as seen by the
service.
Move the private /tmp and /var/tmp directories into a 0077-mode
directory. This way unpriviledged users on the system cannot see (or
modify) /tmp as seen by the service.
Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/util.c | 53 | ||||
-rw-r--r-- | src/shared/util.h | 2 |
2 files changed, 29 insertions, 26 deletions
diff --git a/src/shared/util.c b/src/shared/util.c index 34c5330838..bdef9f0431 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -5683,46 +5683,49 @@ int search_and_fopen_nulstr(const char *path, const char *mode, const char *sear return search_and_fopen_internal(path, mode, s, _f); } -int create_tmp_dir(char template[], mode_t mask, bool need_sticky, char** dir_name) { +int create_tmp_dir(char template[], char** dir_name) { int r = 0; - char *d = NULL; - bool remove = false; + char *d, *dt; mode_t _cleanup_umask_ u; assert(dir_name); - u = umask(mask); + u = umask(0077); d = mkdtemp(template); if (!d) { - r = -errno; - log_debug("Can't create directory"); - goto fail; + log_error("Can't create directory %s: %m", template); + return -errno; } - remove = true; - - log_debug("Created temporary directory : %s", template); - - d = strdup(template); - if (!d) { + dt = strjoin(d, "/tmp", NULL); + if (!dt) { r = log_oom(); - goto fail; + goto fail2; } - if (need_sticky) { - r = chmod(template, 0777 | S_ISVTX); - if (r < 0) { - r = -errno; - goto fail; - } - log_debug("Setting sticky bit on : %s", template); + umask(0000); + r = mkdir(dt, 0777); + if (r) { + log_error("Can't create directory %s: %m", dt); + r = -errno; + goto fail1; + } + log_debug("Created temporary directory %s", dt); + + r = chmod(dt, 0777 | S_ISVTX); + if (r < 0) { + log_error("Failed to chmod %s: %m", dt); + r = -errno; + goto fail1; } + log_debug("Set sticky bit on %s", dt); - *dir_name = d; + *dir_name = dt; return 0; -fail: - if (remove) - rmdir(template); +fail1: + rmdir(dt); +fail2: + rmdir(template); return r; } diff --git a/src/shared/util.h b/src/shared/util.h index 4be0b61773..7c032b6b62 100644 --- a/src/shared/util.h +++ b/src/shared/util.h @@ -579,7 +579,7 @@ int on_ac_power(void); int search_and_fopen(const char *path, const char *mode, const char **search, FILE **_f); int search_and_fopen_nulstr(const char *path, const char *mode, const char *search, FILE **_f); -int create_tmp_dir(char template[], mode_t mask, bool need_sticky, char** dir_name); +int create_tmp_dir(char template[], char** dir_name); #define FOREACH_LINE(line, f, on_error) \ for (;;) \ |