URL: https://github.com/SSSD/sssd/pull/5882
Author: thalman
Title: #5882: CONFDB: check the return values
Action: opened

PR body:
"""
Covscan pointed out that return value of chown and sete[ug]id is not checked in some cases. There is not much we can do in case of failure so only minor failure is logged.

Resolves: https://github.com/SSSD/sssd/issues/5876
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5882/head:pr5882
git checkout pr5882

From 75353f32cdcb1503c4536506f94094e10c60ee61 Mon Sep 17 00:00:00 2001 From: Tomas Halman <thal...@redhat.com> Date: Thu, 18 Nov 2021 17:43:19 +0100 Subject: [PATCH] CONFDB: check the return values Covscan pointed out that return value of chown and sete[ug]id is not checked in some cases. There is not much we can do in case of failure so only minor failure is logged. Resolves: https://github.com/SSSD/sssd/issues/5876 --- src/confdb/confdb.c | 6 +++++- src/util/usertools.c | 17 +++++++++++++---- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 6a6fac916e..9cc1e82d2a 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -685,7 +685,11 @@ int confdb_init(TALLOC_CTX *mem_ctx, old_umask = umask(SSS_DFL_UMASK); /* file may exists and could be owned by root from previous version */ sss_sssd_user_uid_and_gid(&sssd_uid, &sssd_gid); - chown(confdb_location, sssd_uid, sssd_gid); + ret = chown(confdb_location, sssd_uid, sssd_gid); + if (ret != EOK && errno != ENOENT) { + DEBUG(SSSDBG_MINOR_FAILURE, "Unable to chown config database [%s]\n", + confdb_location); + } sss_set_sssd_user_eid(); ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL); diff --git a/src/util/usertools.c b/src/util/usertools.c index 370a98b417..324fc107e5 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c 
@@ -863,17 +863,26 @@ void sss_set_sssd_user_eid(void) uid_t uid; gid_t gid; + if (geteuid() == 0) { sss_sssd_user_uid_and_gid(&uid, &gid); - seteuid(uid); - setegid(gid); + if (seteuid(uid) != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "failed to set euid to %"SPRIuid"\n", uid); + } + if (setegid(gid) != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "failed to set egid to %"SPRIgid"\n", gid); + } } } void sss_restore_sssd_user_eid(void) { if (getuid() == 0) { - seteuid(getuid()); - setegid(getgid()); + if (seteuid(getuid()) != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "failed to restore euid\n"); + } + if (setegid(getgid()) != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "failed to restore egid\n"); + } } }
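Review bot: In the src/confdb/confdb.c hunk (confdb_init), the new DEBUG message loses the reason for the failure: it prints only confdb_location and not errno. Save errno immediately after chown() and log the number and its string form, so that a permission error can be told apart from other causes. Note also that execution continues into sss_set_sssd_user_eid() and ldb_connect(); if the file is still owned by root, which is the case the comment above the call describes, the connect under the sssd effective uid is where the problem will surface, so a more visible level than SSSDBG_MINOR_FAILURE may be worth considering. Style point: chown() returns -1 on error, so "ret != 0" or "ret == -1" reads more naturally than a comparison with EOK.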
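Review bot: In the src/util/usertools.c hunk, sss_set_sssd_user_eid() still calls seteuid(uid) before setegid(gid); once the effective uid is no longer 0 the process normally lacks the privilege to change its effective gid, so the setegid() call can be expected to fail and the new check will log that each time. Swap the two calls (setegid first, then seteuid). sss_restore_sssd_user_eid() already has the right order for the reverse direction, because it regains euid 0 before touching the gid. Separately, a failed seteuid() in sss_set_sssd_user_eid() leaves the process running with euid 0 and the caller cannot tell, since the function returns void and the message is only SSSDBG_MINOR_FAILURE; consider returning an error code to the caller, and include errno in all four messages.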