summaryrefslogtreecommitdiff
path: root/src/tools/tools_util.h
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2013-01-20 20:27:05 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-01-23 14:27:58 +0100
commit94cbf1cfb0f88c967f1fb0a4cf23723148868e4a (patch)
tree11f640bd1b848d8e3b295e62bcec69dea188cb69 /src/tools/tools_util.h
parent020bf88fd1c5bdac8fc671b37c7118f5378c7047 (diff)
downloadsssd-94cbf1cfb0f88c967f1fb0a4cf23723148868e4a.tar.gz
sssd-94cbf1cfb0f88c967f1fb0a4cf23723148868e4a.tar.bz2
sssd-94cbf1cfb0f88c967f1fb0a4cf23723148868e4a.zip
TOOLS: Use file descriptor to avoid races when creating a home directory
When creating a home directory, the destination tree can be modified in various ways while it is being constructed because directory permissions are set before populating the directory. This can lead to file creation and permission changes outside the target directory tree, using hard links. This security problem was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782
Diffstat (limited to 'src/tools/tools_util.h')
-rw-r--r--src/tools/tools_util.h5
1 files changed, 2 insertions, 3 deletions
diff --git a/src/tools/tools_util.h b/src/tools/tools_util.h
index 47bf3876..50f5a51f 100644
--- a/src/tools/tools_util.h
+++ b/src/tools/tools_util.h
@@ -117,9 +117,8 @@ errno_t sss_mc_refresh_grouplist(struct tools_ctx *tctx,
/* from files.c */
int remove_tree(const char *root);
-int copy_tree(const char *src_root,
- const char *dst_root,
- uid_t uid, gid_t gid);
+int copy_tree(const char *src_root, const char *dst_root,
+ mode_t mode_root, uid_t uid, gid_t gid);
/* from nscd.c */
enum nscd_db {