author | Lennart Poettering <lennart@poettering.net> | 2019-03-25 16:21:11 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-03-26 08:29:37 +0100 |
commit | 607b358ef2df56cb3451e68b1489c5788882dfd3 (patch) | |
tree | 0c964b407fa5c33642125c92af4553ba1328a1bb /src/core/execute.c | |
parent | 25e68fd3974a324289b0a90269c5c5fa900e2ba7 (diff) | |
download | systemd-607b358ef2df56cb3451e68b1489c5788882dfd3.tar.gz |
core: drop suid/sgid bit of files/dirs when doing recursive chown
This adds some extra paranoia: when we recursively chown a directory for
use with DynamicUser=1 services we'll now drop suid/sgid from all files
we chown().
Of course, such files should not exist in the first place, and no one
should get access to those dirs who isn't root anyway, but let's better
be safe than sorry, and drop everything we come across.
Diffstat (limited to 'src/core/execute.c')
-rw-r--r-- | src/core/execute.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/core/execute.c b/src/core/execute.c index dabb6d824f..6698f59a46 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -2194,8 +2194,10 @@ static int setup_exec_directory( if (r < 0) goto fail; - /* Then, change the ownership of the whole tree, if necessary */ - r = path_chown_recursive(pp ?: p, uid, gid); + /* Then, change the ownership of the whole tree, if necessary. When dynamic users are used we + * drop the suid/sgid bits, since we really don't want SUID/SGID files for dynamic UID/GID + * assignments to exist.*/ + r = path_chown_recursive(pp ?: p, uid, gid, context->dynamic_user ? 01777 : 07777); if (r < 0) goto fail; } |
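Review bot: the new fourth argument of the path_chown_recursive() call is given as bare octal literals (`context->dynamic_user ? 01777 : 07777`), so a reader has to work out that 01777 is the full mode mask with the setuid and setgid bits cleared and the sticky bit kept. Writing it as `07777 & ~(S_ISUID|S_ISGID)`, or as a named constant, would make the intent visible at the call site and tie it to the comment above. The comment itself ends in `exist.*/` with no space before the terminator. Only src/core/execute.c is shown here, so it is worth confirming that the remaining callers of path_chown_recursive() were updated for the new signature and that the function documents whether the argument is a mask of bits to keep.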