author | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-20 20:27:05 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-23 14:27:58 +0100 |
commit | 94cbf1cfb0f88c967f1fb0a4cf23723148868e4a (patch) | |
tree | 11f640bd1b848d8e3b295e62bcec69dea188cb69 /src/tools/tools_util.h | |
parent | 020bf88fd1c5bdac8fc671b37c7118f5378c7047 (diff) | |
TOOLS: Use file descriptor to avoid races when creating a home directory

When creating a home directory, the destination tree can be modified in
various ways while it is being constructed because directory permissions
are set before populating the directory. This can lead to file creation
and permission changes outside the target directory tree, using hard links.
This security problem was assigned CVE-2013-0219.

https://fedorahosted.org/sssd/ticket/1782

Diffstat (limited to 'src/tools/tools_util.h')
-rw-r--r-- | src/tools/tools_util.h | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/tools/tools_util.h b/src/tools/tools_util.h index 47bf3876..50f5a51f 100644 --- a/src/tools/tools_util.h +++ b/src/tools/tools_util.h @@ -117,9 +117,8 @@ errno_t sss_mc_refresh_grouplist(struct tools_ctx *tctx, /* from files.c */ int remove_tree(const char *root); -int copy_tree(const char *src_root, - const char *dst_root, - uid_t uid, gid_t gid); +int copy_tree(const char *src_root, const char *dst_root, + mode_t mode_root, uid_t uid, gid_t gid); /* from nscd.c */ enum nscd_db { |
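
Review bot: The new `mode_root` parameter in the `copy_tree()` prototype has no comment stating its contract, and this header is the only place callers see it. Please document above the declaration whether `mode_root` is the final mode of `dst_root`, whether the umask is applied to it, and that it is applied only after the tree has been populated, since the commit message names setting permissions before populating the directory as the cause of the race. Separately, `mode_root`, `uid` and `gid` are now three adjacent integer-typed arguments, so a call site that passes them in the wrong order will generally compile without a diagnostic; each updated caller deserves an explicit check in review, and none of them are visible in this view, which is limited to src/tools/tools_util.h.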