
List:       lxc-devel
Subject:    [lxc-devel] [patch -lxc 4/6] fix log appending to any file
From:       dlezcano () fr ! ibm ! com (Daniel Lezcano)
Date:       2010-07-12 12:56:46
Message-ID: 1278939408-4086-5-git-send-email-dlezcano () fr ! ibm ! com

With the capabilities, the open of the log file can be done on any
file, making it possible to modify the content of the file.

Let's drop the privilege when opening the file, so we ensure that is
no longer possible.

Signed-off-by: Daniel Lezcano <dlezcano at fr.ibm.com>
---
 src/lxc/log.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lxc/log.c b/src/lxc/log.c
index 596ed99..0661360 100644
--- a/src/lxc/log.c
+++ b/src/lxc/log.c
@@ -33,7 +33,8 @@
 #include <fcntl.h>
 #include <stdlib.h>
 
-#include <lxc/log.h>
+#include "log.h"
+#include "caps.h"
 
 #define LXC_LOG_PREFIX_SIZE	32
 #define LXC_LOG_BUFFER_SIZE	512
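Review bot: the change from #include <lxc/log.h> to #include "log.h" at the top of log.c is not mentioned in the commit message and is independent of the privilege drop; only the new "caps.h" include appears to be needed for the lxc_unpriv call in the second hunk. Either say in the message why the include path changes, or move that line to its own patch so this one stays a pure security fix.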
@@ -127,7 +128,8 @@ static int log_open(const char *name)
 	int fd;
 	int newfd;
 
-	fd = open(name, O_CREAT | O_WRONLY | O_APPEND | O_CLOEXEC, 0666);
+	fd = lxc_unpriv(open(name, O_CREAT | O_WRONLY |
+			     O_APPEND | O_CLOEXEC, 0666));
 	if (fd == -1) {
 		ERROR("failed to open log file \"%s\" : %s", name,
 		      strerror(errno));
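Review bot: the error path right after the new fd = lxc_unpriv(open(...)) call still reports strerror(errno), so the message is only correct if lxc_unpriv leaves the errno set by open() untouched when it restores the capabilities. caps.h is not part of this patch, so that cannot be checked from these lines; please confirm that the wrapper saves and restores errno around the privilege switch. The same wrapper should also make sure a failed drop does not fall through to open() with full capabilities, since that would silently reintroduce the problem the commit message describes. A short comment above the call saying why the open is done unprivileged would help the next reader.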
-- 
1.7.0.4
