[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Jailkit-dev] [bug #46930] Be more relax on jail group ownership
|
From: |
anonymous |
|
Subject: |
[Jailkit-dev] [bug #46930] Be more relax on jail group ownership |
|
Date: |
Tue, 19 Jan 2016 10:35:56 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; OpenBSD amd64; rv:42.0) Gecko/20100101 Firefox/42.0 |
Follow-up Comment #1, bug #46930 (project jailkit):
Maybe this diff, I'm not good in code :)
--- jk_lib.py.orig Tue Jan 19 11:21:16 2016
+++ jk_lib.py Tue Jan 19 11:32:16 2016
@@ -65,18 +65,9 @@ def path_is_safe(path, failquiet=0):
if (failquiet == 0):
sys.stderr.write('ERROR: cannot lstat() '+path+'n')
return -1
- if (sys.platform[-3:] == 'bsd'):
- # on freebsd root is in group wheel
- if (statbuf[stat.ST_UID] != 0 or statbuf[stat.ST_GID] !=
grp.getgrnam('wheel').gr_gid):
- sys.stderr.write('ERROR: '+path+' is not owned by
root:wheel!n')
- return -3
- else:
- if (statbuf[stat.ST_UID] != 0 or statbuf[stat.ST_GID] != 0):
- sys.stderr.write('ERROR: '+path+' is not owned by
root:root!n')
- return -3
- if ((statbuf[stat.ST_MODE] & stat.S_IWOTH or statbuf[stat.ST_MODE] &
stat.S_IWGRP)and not stat.S_ISLNK(statbuf[stat.ST_MODE])):
- sys.stderr.write('ERROR: '+path+' is writable by group or
others!')
- return -4
+ if (statbuf[stat.ST_UID] != 0 or (statbuf[stat.ST_GID] & 022 ) != 0):
+ sys.stderr.write('ERROR: '+path+' is not owned by root or bad
mode!n')
+ return -3
if (not stat.S_ISDIR(statbuf[stat.ST_MODE])):
if (stat.S_ISLNK(statbuf[stat.ST_MODE])):
# Fedora has moved /sbin /lib and /bin into /usr
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?46930>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/