| Re: [chrony-dev] create_dir in util.c - permissions |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
On Sat, Nov 21, 2015 at 01:37:37PM +1300, Bryan Christianson wrote:
> Something I noticed when enabling a non-privileged user after having previously been running chronyd as root.
>
> If a directory already exists, create_dir just returns
>
> if (S_ISDIR(buf.st_mode))
> return 1;
> LOG(LOGS_ERR, LOGF_Util, "%s is not directory", p);
> return 0;
>
>
> I think there should be a call to chown(p, uid, gid) before the return.
I'm not sure. I think that could be a dangerous operation. What if
someone misunderstood the requirements and set the socket path to
/var/run for instance?
> Not sure what to do with any existing directory contents. Maybe they should also be chown() 'd.
Probably better to not assume anything about the content.
> Or maybe the system administrator should be doing all this manually. :)
Yes, I'd rather leave that up to the admin or a package postinstall
script to allow an upgrade to a configuration dropping root
privileges.
Isn't /var/run typically localted on a ramdisk or at least cleaned on
boot? In the worst case reboot should be able to fix it.
--
Miroslav Lichvar
--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.