Re: [chrony-dev] create_dir in util.c - permissions


On Sat, Nov 21, 2015 at 01:37:37PM +1300, Bryan Christianson wrote:
> Something I noticed when enabling a non-privileged user after having previously been running chronyd as root.
> If a directory already exists, create_dir just returns
>     if (S_ISDIR(buf.st_mode))
>       return 1;
>     LOG(LOGS_ERR, LOGF_Util, "%s is not directory", p);
>     return 0;
> I think there should be a call to chown(p, uid, gid) before the return. 

I'm not sure. I think that could be a dangerous operation. What if
someone misunderstood the requirements and set the socket path to
/var/run for instance?

> Not sure what to do with any existing directory contents. Maybe they should also be chown() 'd.

Probably better to not assume anything about the content.

> Or maybe the system administrator should be doing all this manually. :)

Yes, I'd rather leave that up to the admin or a package postinstall
script to allow an upgrade to a configuration dropping root.

Isn't /var/run typically located on a ramdisk or at least cleaned on
boot? In the worst case a reboot should be able to fix it.

Miroslav Lichvar
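
Added example, not part of the original message and not chrony's code: a check-only alternative to the proposed chown(), which inspects an existing directory and reports a mismatch so the admin or a postinstall script can fix it. The name check_dir_owner, the result codes, the use of lstat() and the no-world-write policy are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example; not chrony identifiers. */
enum dir_status { DIR_OK, DIR_MISSING, DIR_NOT_DIRECTORY,
                  DIR_WRONG_OWNER, DIR_LOOSE_MODE, DIR_ERROR };

/* Inspect a directory without modifying it.  Nothing is chown()'d, so a
   misconfigured path such as /var/run is reported, never taken over.
   lstat() is used so a symlink at the path is reported, not followed. */
enum dir_status check_dir_owner(const char *path, uid_t uid, gid_t gid)
{
  struct stat buf;

  if (lstat(path, &buf) != 0)
    return errno == ENOENT ? DIR_MISSING : DIR_ERROR;
  if (!S_ISDIR(buf.st_mode))
    return DIR_NOT_DIRECTORY;
  if (buf.st_uid != uid || buf.st_gid != gid)
    return DIR_WRONG_OWNER;
  /* Assumed policy: the directory must not be writable by "other". */
  if (buf.st_mode & S_IWOTH)
    return DIR_LOOSE_MODE;
  return DIR_OK;
}

/* Usage: prog DIR  (checks DIR against the calling user's uid and gid) */
int main(int argc, char **argv)
{
  static const char *const msg[] = {
    "ok", "does not exist", "not a directory (or is a symlink)",
    "wrong owner or group, fix manually or in a postinstall script",
    "writable by others", "lstat failed" };
  enum dir_status st;

  if (argc != 2) {
    fprintf(stderr, "usage: %s DIR\n", argv[0]);
    return 2;
  }
  st = check_dir_owner(argv[1], getuid(), getgid());
  printf("%s: %s\n", argv[1], msg[st]);
  return st == DIR_OK ? 0 : 1;
}
```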
