main/archives.c: create files, fifos, devices and directories with mode 0

  too close a small window when they are readable before we apply the correct
  permissions.
main/archives.c: newtarobject_allmodes() updated to handle statoverrides

diff --git a/ChangeLog b/ChangeLog
index 4016293ea502826fade8907871438e89b82bb5ee..5c7ec313ddb5c44f9aef89373bb4fe993f4c59e2 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Wed Dec 13 16:48:47 CET 2000 Wichert Akkerman <wakkerma@debian.org>
+
+  * main/archives.c: create files, fifos, devices and directories with mode 0
+    too close a small window when they are readable before we apply the correct
+    permissions.
+  * main/archives.c: newtarobject_allmodes() updated to handle statoverrides
+
 Tue Dec 12 16:27:59 CET 2000 Wichert Akkerman <wakkerma@debian.org>
 
   * scripts/dpkg-statoverride.pl: fix warning when trying to remove a

diff --git a/debian/changelog b/debian/changelog
index 1d6a9ffed49706e78c2b98254b4e41ba1782bb65..00eb615244d88ade61f795822a3fd82b008559f2 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,8 @@ dpkg (1.8.0) unstable; urgency=low
   * Add gettext to build-depends
   * Fix warning when trying to remove a non-existing statoverride.
     Closes: Bug#79352
+  * Be more paranoid with file permissions when extracing files
+  * Apply statoverrides to more then just files
 
  -- Wichert Akkerman <wakkerma@debian.org>  UNRELEASED
 

diff --git a/main/archives.c b/main/archives.c
index 72a2780379867b514c1b9896da6ddb7c397a7b39..9397fe940c0eec8231306e0cf17cbdcec4cbf957 100644 (file)
--- a/main/archives.c
+++ b/main/archives.c
@@ -165,10 +165,12 @@ static void newtarobject_utime(const char *path, struct TarInfo *ti) {
     ohshite(_("error setting timestamps of `%.255s'"),ti->Name);
 }
 
-static void newtarobject_allmodes(const char *path, struct TarInfo *ti) {
-  if (chown(path,ti->UserID,ti->GroupID))
+static void newtarobject_allmodes(const char *path, struct TarInfo *ti, struct filestatoverride* statoverride) {
+  if (chown(path,
+           statoverride ? statoverride->uid : ti->UserID,
+           statoverride ? statoverride->gid : ti->GroupID))
     ohshite(_("error setting ownership of `%.255s'"),ti->Name);
-  if (chmod(path,ti->Mode & ~S_IFMT))
+  if (chmod(path,(statoverride ? statoverride->mode : ti->Mode) & ~S_IFMT))
     ohshite(_("error setting permissions of `%.255s'"),ti->Name);
   newtarobject_utime(path,ti);
 }
@@ -392,8 +394,10 @@ int tarobject(struct TarInfo *ti) {
   /* Extract whatever it is as .dpkg-new ... */
   switch (ti->Type) {
   case NormalFile0: case NormalFile1:
-    fd= open(fnamenewvb.buf, O_CREAT|O_EXCL|O_WRONLY,
-             ti->Mode & (S_IRUSR|S_IRGRP|S_IROTH));
+    /* We create the file with mode 0 to make sure nobody can do anything with
+     * it until we apply the proper mode, which might be a statoverride.
+     */
+    fd= open(fnamenewvb.buf, (O_CREAT|O_EXCL|O_WRONLY), 0);
     if (fd < 0) ohshite("unable to create `%.255s'",ti->Name);
     thefile= fdopen(fd,"w");
     if (!thefile) { close(fd); ohshite(_("unable to fdopen for `%.255s'"),ti->Name); }
@@ -438,17 +442,17 @@ int tarobject(struct TarInfo *ti) {
     newtarobject_utime(fnamenewvb.buf,ti);
     break;
   case FIFO:
-    if (mkfifo(fnamenewvb.buf,am))
+    if (mkfifo(fnamenewvb.buf,0))
       ohshite(_("error creating pipe `%.255s'"),ti->Name);
     debug(dbg_eachfiledetail,"tarobject FIFO");
-    newtarobject_allmodes(fnamenewvb.buf,ti);
+    newtarobject_allmodes(fnamenewvb.buf,ti, nifd->namenode->statoverride);
     break;
   case CharacterDevice: case BlockDevice:
-    if (mknod(fnamenewvb.buf,am,ti->Device))
+    if (mknod(fnamenewvb.buf,0,ti->Device))
       ohshite(_("error creating device `%.255s'"),ti->Name);
     debug(dbg_eachfiledetail,"tarobject CharacterDevice|BlockDevice");
-    newtarobject_allmodes(fnamenewvb.buf,ti);
-    break;
+    newtarobject_allmodes(fnamenewvb.buf,ti, nifd->namenode->statoverride);
+    break; 
   case HardLink:
     varbufreset(&hardlinkfn);
     varbufaddstr(&hardlinkfn,instdir); varbufaddc(&hardlinkfn,'/');
@@ -456,7 +460,7 @@ int tarobject(struct TarInfo *ti) {
     if (link(hardlinkfn.buf,fnamenewvb.buf))
       ohshite(_("error creating hard link `%.255s'"),ti->Name);
     debug(dbg_eachfiledetail,"tarobject HardLink");
-    newtarobject_allmodes(fnamenewvb.buf,ti);
+    newtarobject_allmodes(fnamenewvb.buf,ti, nifd->namenode->statoverride);
     break;
   case SymbolicLink:
     /* We've already cheched for an existing directory. */
@@ -474,11 +478,10 @@ int tarobject(struct TarInfo *ti) {
     break;
   case Directory:
     /* We've already checked for an existing directory. */
-    if (mkdir(fnamenewvb.buf,
-              am & (S_IRUSR|S_IRGRP|S_IROTH | S_IXUSR|S_IXGRP|S_IXOTH)))
+    if (mkdir(fnamenewvb.buf,0))
       ohshite(_("error creating directory `%.255s'"),ti->Name);
     debug(dbg_eachfiledetail,"tarobject Directory creating");
-    newtarobject_allmodes(fnamenewvb.buf,ti);
+    newtarobject_allmodes(fnamenewvb.buf,ti,nifd->namenode->statoverride);
     break;
   default:
     internerr("bad tar type, but already checked");