projects / platform / upstream / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 25e68fd) | patch
core: drop suid/sgid bit of files/dirs when doing recursive chown
authorLennart Poettering <lennart@poettering.net>
Mon, 25 Mar 2019 15:21:11 +0000 (16:21 +0100)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 26 Mar 2019 07:29:37 +0000 (08:29 +0100)
commit607b358ef2df56cb3451e68b1489c5788882dfd3
tree0c964b407fa5c33642125c92af4553ba1328a1bbtree | snapshot
parent25e68fd3974a324289b0a90269c5c5fa900e2ba7commit | diff
core: drop suid/sgid bit of files/dirs when doing recursive chown

This adds some extra paranoia: when we recursively chown a directory for
use with DynamicUser=1 services we'll now drop suid/sgid from all files
we chown().

Of course, such files should not exist in the first place, and noone
should get access to those dirs who isn't root anyway, but let's better
be safe than sorry, and drop everything we come across.
src/core/chown-recursive.c diff | blob | history
src/core/chown-recursive.h diff | blob | history
src/core/execute.c diff | blob | history
src/test/test-chown-rec.c diff | blob | history
Domain: System / System Framework;