17601119 gzip is unable to set permissions under file_chown_self privilege s11-update
authorVladimir Marek <Vladimir.Marek@oracle.com>
Thu, 24 Oct 2013 11:32:02 +0200
branchs11-update
changeset 2838 9db52525e999
parent 2837 4354bb214ece
child 2839 56a3d3f5eeb1
17601119 gzip is unable to set permissions under file_chown_self privilege
components/gzip/patches/chmod_chown.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gzip/patches/chmod_chown.patch	Thu Oct 24 11:32:02 2013 +0200
@@ -0,0 +1,83 @@
+http://debbugs.gnu.org/cgi/bugreport.cgi?bug=15672
+
+The patch was changed so that it applies cleanly to our soruce tree.
+---
+Thanks for the suggestion.  Does the following patch work for you?
+I've pushed this to the savannah master for gzip.
+
+From 0f167be4f843ac5fcd8f0bc120202782d09a453f Mon Sep 17 00:00:00 2001
+From: Paul Eggert <[email protected]>
+Date: Thu, 24 Oct 2013 00:19:56 -0700
+Subject: [PATCH] gzip: fix permissions issue on Solaris-like systems
+
+I.e., on systems that let users give files away.
+* gzip.c (do_chown): New function.
+(copy_stat): Use it, to change the group, then the permissions,
+then the owner.  Idea suggested by Vladimir Marek in
+<http://bugs.gnu.org/15672#11>
+---
+ gzip.c | 33 ++++++++++++++++++++++++---------
+ 1 file changed, 24 insertions(+), 9 deletions(-)
+
+diff --git a/gzip.c b/gzip.c
+index 93cc738..f40cd21 100644
+--- a/gzip.c
++++ b/gzip.c
[email protected]@ -1684,6 +1684,21 @@ local int check_ofname()
+     return OK;
+ }
+ 
++/* Change the owner and group of a file.  FD is a file descriptor for
++   the file and NAME its name.  Change it to user UID and to group GID.
++   If UID or GID is -1, though, do not change the corresponding user
++   or group.  */
++static void
++do_chown (int fd, char const *name, uid_t uid, gid_t gid)
++{
++#ifndef NO_CHOWN
++# if HAVE_FCHOWN
++  ignore_value (fchown (fd, uid, gid));
++# else
++  ignore_value (chown (name, uid, gid));
++# endif
++#endif
++}
+ 
+ /* ========================================================================
+  * Copy modes, times, ownership from input file to output file.
[email protected]@ -1722,16 +1727,14 @@ local void copy_stat(ifstat)
+       }
+ #endif
+ 
+-#ifndef NO_CHOWN
+-    /* Copy ownership */
+-# if HAVE_FCHOWN
+-    ignore_value (fchown (ofd, ifstat->st_uid, ifstat->st_gid));
+-# elif HAVE_CHOWN
+-    ignore_value (chown (ofname, ifstat->st_uid, ifstat->st_gid));
+-# endif
+-#endif
++    /* Change the group first, then the permissions, then the owner.
++       That way, the permissions will be correct on systems that allow
++       users to give away files, without introducing a security hole.
++       Security depends on permissions not containing the setuid or
++       setgid bits.  */
++
++    do_chown (ofd, ofname, -1, ifstat->st_gid);
+ 
+-    /* Copy the protection modes */
+ #if HAVE_FCHMOD
+     r = fchmod (ofd, mode);
+ #else
[email protected]@ -1745,6 +1758,8 @@ local void copy_stat(ifstat)
+             perror(ofname);
+         }
+     }
++
++    do_chown (ofd, ofname, ifstat->st_uid, -1);
+ }
+ 
+ #if ! NO_DIR
+-- 
+1.8.3.1
+
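Review bot: The new ordering comment in copy_stat says security depends on the permissions not containing the setuid or setgid bits, but nothing in the visible lines enforces that before `fchmod (ofd, mode)`; `mode` is assigned outside the quoted hunks, so the invariant presumably rests on a mask applied there. Because the owner is now changed after the mode, a `mode` that ever carried S_ISUID or S_ISGID would end up on a file handed to another owner on systems that allow giveaway. I would state the dependency at the call, e.g. `/* mode must exclude S_ISUID and S_ISGID; see its assignment above */`, or re-mask at the point of use with `mode & ~(S_ISUID | S_ISGID)`. Separately, do_chown falls back to `chown (name, uid, gid)` under a plain `# else`, where the removed code used `# elif HAVE_CHOWN`; keeping `# elif HAVE_CHOWN` preserves the old behaviour on builds that have neither function. The do_chown comment could also note that the name-based fallback acts on whatever the path resolves to at call time rather than on the open descriptor.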