From 185fe43fb7bdab9dac70fc6498de11a1ba7b286d Mon Sep 17 00:00:00 2001
From: Alexander Larsson
Date: Fri, 7 Dec 2018 16:04:22 +0100
Subject: [PATCH] extra_data: In system-helper case, canonicalize uid/gid

Make sure all files produced by apply_extra are owned by root.

Closes: #2398
Approved by: matthiasclasen
---
 common/flatpak-dir.c | 5 ++++-
 common/flatpak-utils-private.h | 2 ++
 common/flatpak-utils.c | 24 ++++++++++++++++++++++--
 3 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index 3cdc56e3..d8369b3d 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -6700,7 +6700,10 @@ apply_extra_data (FlatpakDir *self,
 error))
 return FALSE;
 
- if (!flatpak_canonicalize_permissions (AT_FDCWD, flatpak_file_get_path_cached (extra_files), error))
+ if (!flatpak_canonicalize_permissions (AT_FDCWD, flatpak_file_get_path_cached (extra_files),
+ getuid() == 0 ? 0 : -1,
+ getuid() == 0 ? 0 : -1,
+ error))
 return FALSE;
 
 if (exit_status != 0)
diff --git a/common/flatpak-utils-private.h b/common/flatpak-utils-private.h
index ada6a946..0b8fff17 100644
--- a/common/flatpak-utils-private.h
+++ b/common/flatpak-utils-private.h
@@ -479,6 +479,8 @@ gboolean flatpak_rm_rf (GFile *dir,
 
 gboolean flatpak_canonicalize_permissions (int parent_dfd,
 const char *rel_path,
+ int uid,
+ int gid,
 GError **error);
 
 char * flatpak_readlink (const char *path,
diff --git a/common/flatpak-utils.c b/common/flatpak-utils.c
index 736919bc..861499de 100644
--- a/common/flatpak-utils.c
+++ b/common/flatpak-utils.c
@@ -1993,6 +1993,8 @@ static gboolean
 _flatpak_canonicalize_permissions (int parent_dfd,
 const char *rel_path,
 gboolean toplevel,
+ int uid,
+ int gid,
 GError **error)
 {
 struct stat stbuf;
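Review bot: The owner to enforce is computed twice with the identical expression `getuid() == 0 ? 0 : -1` on the two added argument lines of the apply_extra_data call; hoisting it into one named local keeps the uid and gid arguments from drifting apart and names the intent, e.g. `int owner = getuid () == 0 ? 0 : -1;` before the call, then pass `owner, owner,`. Deriving the gid argument from getuid() is what the commit intends (root:root when running as the system helper, untouched otherwise) but reads like a copy-paste slip without a comment such as `/* Running as root (system helper): force root:root; otherwise leave ownership alone (-1) */`. apply_extra_data starts and ends outside the hunk, so whether the call site is reached only on the privileged path cannot be confirmed from here.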
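Review bot: The new `uid` and `gid` parameters of flatpak_canonicalize_permissions are undocumented in the flatpak-utils-private.h hunk, and the -1 sentinel is not discoverable from the prototype alone (only the implementation hunk in flatpak-utils.c shows that -1 skips the fchownat). A short comment above the declaration should state that the given owner is applied with fchownat, without following symlinks, to `rel_path` and recursively to every entry below it, that -1 leaves the respective id unchanged, and that the parameters are `int` rather than `uid_t`/`gid_t` so that -1 is representable. The same note applies to the static _flatpak_canonicalize_permissions signature in the flatpak-utils.c hunk at line 1993.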
@@ -2008,6 +2010,22 @@ _flatpak_canonicalize_permissions (int parent_dfd,
 return FALSE;
 }
 
+ if ((uid != -1 && uid != stbuf.st_uid) || (gid != -1 && gid != stbuf.st_gid))
+ {
+ if (TEMP_FAILURE_RETRY (fchownat (parent_dfd, rel_path, uid, gid, AT_SYMLINK_NOFOLLOW)) != 0)
+ {
+ glnx_set_error_from_errno (error);
+ return FALSE;
+ }
+
+ /* Re-read st_mode for new owner */
+ if (TEMP_FAILURE_RETRY (fstatat (parent_dfd, rel_path, &stbuf, AT_SYMLINK_NOFOLLOW)) != 0)
+ {
+ glnx_set_error_from_errno (error);
+ return FALSE;
+ }
+ }
+
 if (S_ISDIR (stbuf.st_mode))
 {
 g_auto(GLnxDirFdIterator) dfd_iter = { 0, };
@@ -2031,7 +2049,7 @@ _flatpak_canonicalize_permissions (int parent_dfd,
 if (!glnx_dirfd_iterator_next_dent (&dfd_iter, &dent, NULL, NULL) || dent == NULL)
 break;
 
- if (!_flatpak_canonicalize_permissions (dfd_iter.fd, dent->d_name, FALSE, error))
+ if (!_flatpak_canonicalize_permissions (dfd_iter.fd, dent->d_name, FALSE, uid, gid, error))
 {
 error = NULL;
 res = FALSE;
@@ -2086,9 +2104,11 @@ _flatpak_canonicalize_permissions (int parent_dfd,
 gboolean
 flatpak_canonicalize_permissions (int parent_dfd,
 const char *rel_path,
+ int uid,
+ int gid,
 GError **error)
 {
- return _flatpak_canonicalize_permissions (parent_dfd, rel_path, TRUE, error);
+ return _flatpak_canonicalize_permissions (parent_dfd, rel_path, TRUE, uid, gid, error);
 }
 
 /* Make a directory, and its parent. Don't error if it already exists.
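Review bot: The added ownership check compares the `int` parameters `uid`/`gid` against `stbuf.st_uid`/`stbuf.st_gid`, which are unsigned `uid_t`/`gid_t`, so the comparison is done after promotion and will trip -Wsign-compare; it is only correct because the preceding `!= -1` guard is the sole negative value callers pass. Make the intent explicit at the comparison, `(uid_t) uid != stbuf.st_uid` and `(gid_t) gid != stbuf.st_gid`, or convert once into `uid_t`/`gid_t` locals after the -1 test. Using AT_SYMLINK_NOFOLLOW on the fchownat is the right choice, since it keeps a symlink inside the extracted data from redirecting the chown to its target, and the comment on the re-read would help a reader more if it said why: `/* Re-read st_mode: chown may strip setuid/setgid bits, and the mode is canonicalized below */` (the canonicalization below is inferred, as _flatpak_canonicalize_permissions continues outside the hunk). The later hunks only thread uid/gid through the recursion and the public wrapper and need no change.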