man/man-db-2.7.1-security4.dif

49 lines
1.3 KiB
Plaintext
Raw Normal View History

---
src/mandb.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- src/mandb.c
+++ src/mandb.c 2015-05-28 10:43:41.785520616 +0000
@@ -37,6 +37,7 @@
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h> /* for chmod() */
+#include <fcntl.h> /* for open () */
#include <dirent.h>
#include <unistd.h>
#include <signal.h>
@@ -446,10 +447,19 @@ static int mandb (const char *catpath, c
char *dbname;
char *cachedir_tag;
struct stat st;
+ int fd;
dbname = mkdbname (catpath);
database = xasprintf ("%s/%d", catpath, getpid ());
+ /* Just for the case that catpath isn't a system catpath */
+ drop_effective_privs ();
+ fd = open (database, O_WRONLY | O_CREAT | O_EXCL, 0644);
+ regain_effective_privs ();
+ if (fd < 0)
+ error (FATAL, errno, _("can't create a temporary filename"));
+ close(fd);
+
if (!quiet)
printf (_("Processing manual pages under %s...\n"), manpath);
@@ -458,11 +468,13 @@ static int mandb (const char *catpath, c
if (stat (cachedir_tag, &st) == -1 && errno == ENOENT) {
FILE *cachedir_tag_file;
+ drop_effective_privs ();
cachedir_tag_file = fopen (cachedir_tag, "w");
if (cachedir_tag_file) {
fputs (CACHEDIR_TAG, cachedir_tag_file);
fclose (cachedir_tag_file);
}
+ regain_effective_privs ();
}
free (cachedir_tag);
}