man/man-db-2.7.1-security4.dif


---
src/mandb.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- src/mandb.c
+++ src/mandb.c 2016-12-16 07:14:50.995017235 +0000
@@ -439,17 +439,26 @@ static int mandb (struct dbpaths *dbpath
int ret, amount;
char *dbname;
int should_create;
+ int fd;
dbname = mkdbname (catpath);
database = xasprintf ("%s/%d", catpath, getpid ());
+ /* Just for the case that catpath isn't a system catpath */
+ drop_effective_privs ();
+ fd = open (database, O_WRONLY | O_CREAT | O_EXCL, 0644);
+ regain_effective_privs ();
+ if (fd < 0)
+ error (FATAL, errno, _("can't create a temporary filename"));
+ close(fd);
+
if (!quiet)
printf (_("Processing manual pages under %s...\n"), manpath);
if (!STREQ (catpath, manpath)) {
char *cachedir_tag;
- int fd;
+ drop_effective_privs ();
cachedir_tag = xasprintf ("%s/CACHEDIR.TAG", catpath);
fd = open (cachedir_tag, O_RDONLY);
if (fd < 0) {
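Review bot: The fatal path after the new `open (database, O_WRONLY | O_CREAT | O_EXCL, 0644)` reads `errno` only after `regain_effective_privs ()` has run, and that call can overwrite it, so the message may report the wrong cause. Save it straight after the open, e.g. `saved_errno = errno;` before `regain_effective_privs ();`, and pass `saved_errno` to `error (FATAL, ...)`. The exclusive create also protects only the moment of creation: the descriptor is closed at once, and whatever later opens `database` by name lies outside this hunk, so it is worth confirming that code does not act with elevated privileges on a path that could have been replaced when catpath is not a system directory. The `drop_effective_privs ()` added before the CACHEDIR.TAG handling is paired with the `regain_effective_privs ()` in the next hunk; the lines between them are not shown, so check that no early exit skips the regain. `mandb` starts and ends outside the hunk.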
@@ -467,6 +476,7 @@ static int mandb (struct dbpaths *dbpath
if (global_manpath)
chown_if_possible (cachedir_tag);
check_chmod (cachedir_tag, DBMODE);
+ regain_effective_privs ();
free (cachedir_tag);
}