diff options
author | Andrew Tridgell <tridge@samba.org> | 2008-08-27 10:45:43 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2008-08-27 12:08:39 +0200 |
commit | 9a89e30229442ae6336328c9e37b3121c188df01 (patch) | |
tree | 3544727ac07bad99d1c522ac98b096b19e2e37ef | |
parent | dc3f6b0861f83070b32a718d337fc755f5b18fee (diff) | |
download | samba-9a89e30229442ae6336328c9e37b3121c188df01.tar.gz samba-9a89e30229442ae6336328c9e37b3121c188df01.tar.bz2 samba-9a89e30229442ae6336328c9e37b3121c188df01.zip |
ldb: Fix permissions of group_mapping.ldb.
This one fixes bug #5715 and CVE-2008-3789.
(cherry picked from commit a94f44c49f668fcf12f4566777a668043326bf97)
(This used to be commit 2eaf4ed62220246bcc1a9702166b0b4f381fdae3)
-rw-r--r-- | source3/groupdb/mapping_ldb.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/source3/groupdb/mapping_ldb.c b/source3/groupdb/mapping_ldb.c index 6775f612e7..ce65d7c46d 100644 --- a/source3/groupdb/mapping_ldb.c +++ b/source3/groupdb/mapping_ldb.c @@ -74,7 +74,13 @@ static bool init_group_mapping(void) if (ret != LDB_SUCCESS) { goto failed; } - + + /* force the permissions on the ldb to 0600 - this will fix + existing databases as well as new ones */ + if (chmod(db_path, 0600) != 0) { + goto failed; + } + if (!existed) { /* initialise the ldb with an index */ struct ldb_ldif *ldif; |