pool/targetcli-fb
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b0e48b3756
targetcli-fb/0004-saveconfig-set-right-perms-on-etc-target-dir.patch
Lee Duncan b0e48b3756 Accepting request 813263 from home:lee_duncan:branches:Base:System 
- Added 4 upstream commits for CVE-2020-13867 (bsc#1172743),
  adding patches:
  * 0001-uds-set-right-permissions-at-bind-time.patch
  * 0002-saveconfig-set-0o600-perms-on-backupfiles.patch
  * 0003-saveconfig-set-right-perms-on-backup-dir.patch
  * 0004-saveconfig-set-right-perms-on-etc-target-dir.patch

OBS-URL: https://build.opensuse.org/request/show/813263
OBS-URL: https://build.opensuse.org/package/show/Base:System/targetcli-fb?expand=0&rev=43
2020-06-10 14:50:07 +00:00

86 lines
3.2 KiB
Diff
Raw Blame History

From 9f5764dac39b5b75ee6b5d9e4db419d09d64b898 Mon Sep 17 00:00:00 2001
From: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Date: Fri, 29 May 2020 15:36:27 +0530
Subject: [PATCH 4/4] saveconfig: set right perms on /etc/target/ dir
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
---
targetcli/ui_root.py | 40 +++++++++++++++++++++++++---------------
1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py
index b24c789f213d..39e5ee99c342 100644
--- a/targetcli/ui_root.py
+++ b/targetcli/ui_root.py
@@ -95,6 +95,26 @@ class UIRoot(UINode):
else:
return False
+ def _create_dir(self, dirname):
+ '''
+ create directory with permissions 0o600 set
+ if directory already exists, set right perms
+ '''
+ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600
+ if not os.path.exists(dirname):
+ umask = 0o777 ^ mode # Prevents always downgrading umask to 0
+ umask_original = os.umask(umask)
+ try:
+ os.makedirs(dirname, mode)
+ except OSError as exe:
+ raise ExecutionError("Cannot create directory [%s] %s."
+ % (dirname, exe.strerror))
+ finally:
+ os.umask(umask_original)
+ else:
+ if (os.stat(dirname).st_mode & 0o777) != mode:
+ os.chmod(dirname, mode)
+
def _save_backups(self, savefile):
'''
Take backup of config-file if needed.
@@ -109,21 +129,7 @@ class UIRoot(UINode):
backupfile = backup_dir + backup_name
backup_error = None
- mode = stat.S_IRUSR | stat.S_IWUSR # 0o600
- umask = 0o777 ^ mode # Prevents always downgrading umask to 0
-
- if not os.path.exists(backup_dir):
- umask_original = os.umask(umask)
- try:
- os.makedirs(backup_dir, mode)
- except OSError as exe:
- raise ExecutionError("Cannot create backup directory [%s] %s."
- % (backup_dir, exe.strerror))
- finally:
- os.umask(umask_original)
- else:
- if (os.stat(backup_dir).st_mode & 0o777) != mode:
- os.chmod(backup_dir, mode)
+ self._create_dir(backup_dir)
# Only save backups if savefile exits
if not os.path.exists(savefile):
@@ -134,6 +140,8 @@ class UIRoot(UINode):
# Save backup if backup dir is empty, or savefile is differnt from recent backup copy
if not backed_files_list or not self._compare_files(backed_files_list[-1], savefile):
+ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600
+ umask = 0o777 ^ mode # Prevents always downgrading umask to 0
umask_original = os.umask(umask)
try:
with open(savefile, 'rb') as f_in, gzip.open(backupfile, 'wb') as f_out:
@@ -179,6 +187,8 @@ class UIRoot(UINode):
savefile = os.path.expanduser(savefile)
+ save_dir = os.path.dirname(savefile)
+ self._create_dir(save_dir)
self._save_backups(savefile)
self.rtsroot.save_to_file(savefile)
--
2.26.2
Reference in New Issue View Git Blame Copy Permalink