QubesOS/qubes-linux-utils
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

filecopy: really do not use O_TMPFILE when use_tmpfile==0

Browse Source 
When file opened with O_TMPFILE but use_tmpfile==0, the file will not be
linked to the directory (the code at the end of process_one_file_reg).
Additionally it is waste of time trying using O_TMPFILE when it's
already known it shouldn't be.
Also use_tmpfile==0 can mean we don't have access to /proc
(set_procfs_fd wasn't called), so even if linking the file to its
directory would be attempted, it would fail. This is the case for
dom0-updates copy.
This commit is contained in:
Marek Marczykowski-Górecki 2015-01-21 15:23:04 +01:00
parent 509ae49001
commit d88242bb99
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
qrexec-lib/unpack.c
View File

@ -104,15 +104,19 @@ void process_one_file_reg(struct file_header *untrusted_hdr,
const char *untrusted_name) const char *untrusted_name)
{ {
int ret; int ret;
int fdout; int fdout = -1;
/* make the file inaccessible until fully written */ /* make the file inaccessible until fully written */
fdout = open(".", O_WRONLY | O_TMPFILE, 0700); if (use_tmpfile) {
if (fdout < 0 && errno==ENOENT) { fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
/* if it fails, do not attempt further use - most likely kernel too old */ if (fdout < 0 && errno==ENOENT) {
use_tmpfile = 0; /* if it fails, do not attempt further use - most likely kernel too old */
fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000); /* safe because of chroot */ use_tmpfile = 0;
} else
do_exit(errno, untrusted_name);
} }
if (fdout < 0)
fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000); /* safe because of chroot */
if (fdout < 0) if (fdout < 0)
do_exit(errno, untrusted_name); do_exit(errno, untrusted_name);
/* sizes are signed elsewhere */ /* sizes are signed elsewhere */