Files in the download cache should be read-only.
Signed-off-by: Frank Ch. Eigler <fche@redhat.com>
2021-04-26 Frank Ch. Eigler <fche@redhat.com>
+ PR27571
+ * debuginfod-client.c (debuginfod_query_server): Chmod 0400 files
+ delivered into the cache to prevent accidental modification.
+
+2021-04-26 Frank Ch. Eigler <fche@redhat.com>
+
PR26125
* debuginfod-client.c (debuginfod_clean_cache): For directory
rmdir, check mtime first.
/* Because of a race with cache cleanup / rmdir, try to mkdir/mkstemp up to twice. */
for(int i=0; i<2; i++) {
/* (re)create target directory in cache */
- (void) mkdir(target_cache_dir, 0700);
+ (void) mkdir(target_cache_dir, 0700); /* files will be 0400 later */
/* NB: write to a temporary file first, to avoid race condition of
multiple clients checking the cache, while a partially-written or empty
tvs[0].tv_usec = tvs[1].tv_usec = 0;
(void) futimes (fd, tvs); /* best effort */
+ /* PR27571: make cache files casually unwriteable; dirs are already 0700 */
+ (void) fchmod(fd, 0400);
+
/* rename tmp->real */
rc = rename (target_cache_tmppath, target_cache_path);
if (rc < 0)
+2021-04-26 Frank Ch. Eigler <fche@redhat.com>
+
+ PR27571
+ * run-debuginfod-find.sh: Add test case for unwriteable cache files.
+
2021-04-23 Omar Sandoval <osandov@fb.com>
* run-low_high_pc-dw-form-indirect.sh: New file.
rm -rf $DEBUGINFOD_CACHE_PATH # clean it from previous tests
filename=`testrun ${abs_top_builddir}/debuginfod/debuginfod-find debuginfo $BUILDID`
cmp $filename F/prog.debug
+if [ -w $filename ]; then
+ echo "cache file writable, boo"
+ exit 1
+fi
filename=`testrun ${abs_top_builddir}/debuginfod/debuginfod-find executable F/prog`
cmp $filename F/prog