URL: https://github.com/SSSD/sssd/pull/5882 Author: thalman Title: #5882: CONFDB: check the return values Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5882/head:pr5882 git checkout pr5882
From 0db7c401ee40a1351da7d915a7e3d6a5539522dc Mon Sep 17 00:00:00 2001
From: Tomas Halman <thal...@redhat.com>
Date: Thu, 18 Nov 2021 17:43:19 +0100
Subject: [PATCH] CONFDB: check the return values

Covscan pointed out that return value of chown and sete[ug]id is not checked in some cases. There is not much we can do in case of failure so only minor failure is logged.
Resolves: https://github.com/SSSD/sssd/issues/5876
---
 src/confdb/confdb.c | 6 +++++-
 src/util/usertools.c | 25 +++++++++++++++++++++----
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 6a6fac916e..e557b469cb 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -685,7 +685,11 @@ int confdb_init(TALLOC_CTX *mem_ctx,
 old_umask = umask(SSS_DFL_UMASK);
 /* file may exists and could be owned by root from previous version */
 sss_sssd_user_uid_and_gid(&sssd_uid, &sssd_gid);
- chown(confdb_location, sssd_uid, sssd_gid);
+ ret = chown(confdb_location, sssd_uid, sssd_gid);
+ if (ret != EOK && errno != ENOENT) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "Unable to chown config database [%s]: %s\n",
+ confdb_location, sss_strerror(errno));
+ }
 sss_set_sssd_user_eid();
 ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL);
diff --git a/src/util/usertools.c b/src/util/usertools.c
index 370a98b417..72deceeee6 100644
--- a/src/util/usertools.c
+++ b/src/util/usertools.c
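Review bot: The `chown(confdb_location, sssd_uid, sssd_gid)` call that is now checked is path-based and runs before `sss_set_sssd_user_eid()`, so it presumably executes with root's effective uid and follows a symlink at that path. If the directory holding the config database is writable by the sssd user (not visible in this hunk), the ownership change could land on an unintended file; `lchown()`, or `open()` with `O_NOFOLLOW` followed by `fchown()`, would close that gap. The failure is logged only at `SSSDBG_MINOR_FAILURE` and `ldb_connect()` runs regardless, so a short comment stating why continuing is acceptable would help the next reader. The body of `confdb_init` starts and ends outside the hunk.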
@@ -863,17 +863,34 @@ void sss_set_sssd_user_eid(void)
 uid_t uid;
 gid_t gid;
+
 if (geteuid() == 0) {
 sss_sssd_user_uid_and_gid(&uid, &gid);
- seteuid(uid);
- setegid(gid);
+ if (seteuid(uid) != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Failed to set euid to %"SPRIuid": %s\n",
+ uid, sss_strerror(errno));
+ }
+ if (setegid(gid) != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Failed to set egid to %"SPRIgid": %s\n",
+ gid, sss_strerror(errno));
+ }
 }
 }
 void sss_restore_sssd_user_eid(void)
 {
 if (getuid() == 0) {
- seteuid(getuid());
- setegid(getgid());
+ if (seteuid(getuid()) != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Failed to restore euid: %s\n",
+ sss_strerror(errno));
+ }
+ if (setegid(getgid()) != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Failed to restore egid: %s\n",
+ sss_strerror(errno));
+ }
 }
 }
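Review bot: In `sss_set_sssd_user_eid()` the effective uid is dropped before the effective gid, so once `seteuid(uid)` succeeds the process is likely no longer privileged and `setegid(gid)` can fail with EPERM unless `gid` is already the real or saved group id. The two checks should be swapped so that `if (setegid(gid) != EOK) { ... }` runs before `if (seteuid(uid) != EOK) { ... }`; `sss_restore_sssd_user_eid()` already uses the correct order for the way back (uid first, then gid). Both functions return void and log only at `SSSDBG_MINOR_FAILURE`, so after a failed drop the callers keep running with root's effective ids without knowing it; a higher log level here, or a return value in a follow-up change, would make that state visible. The opening of `sss_set_sssd_user_eid()` lies outside the hunk.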