authorLee Duncan <lduncan@suse.com>2023-04-24 10:34:39 -0700
committerLee Duncan <lduncan@suse.com>2023-04-24 10:34:39 -0700
commitb8eb1933d4fdcbe806edead8cfa94879d0fc2015 (patch)
tree44148cb84a3f645ec00826561d5f634b7bc01957
parentf26c1ae9d255e7db4c3cb51c72dc081e17ad25a4 (diff)
downloadtargetcli-b8eb1933d4fdcbe806edead8cfa94879d0fc2015.tar.gz
Fix changing savedir directory mode
Commit 9f5764dac39b ("saveconfig: set right perms on /etc/target/ dir") fixed CVE-2020-13867 by ensuring that the mode of the target meta-data directory (/etc/target) was always mode 0600. But users can specify a different directory, such as "/tmp", and we don't want targetcli changing the mode of such directories to 0600. So only change the mode of the directory, when saving a config file, if the directory is /etc/target.
-rw-r--r--targetcli/ui_root.py10
1 files changed, 6 insertions, 4 deletions
diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py
index 39e5ee9..79ee985 100644
--- a/targetcli/ui_root.py
+++ b/targetcli/ui_root.py
@@ -34,8 +34,9 @@ from .ui_backstore import complete_path, UIBackstores
from .ui_node import UINode
from .ui_target import UIFabricModule
-default_save_file = "/etc/target/saveconfig.json"
-universal_prefs_file = "/etc/target/targetcli.conf"
+default_target_dir = "/etc/target"
+default_save_file = os.path.join(default_target_dir, "saveconfig.json")
+universal_prefs_file = os.path.join(default_target_dir, "targetcli.conf")
class UIRoot(UINode):
'''
@@ -112,8 +113,9 @@ class UIRoot(UINode):
finally:
os.umask(umask_original)
else:
- if (os.stat(dirname).st_mode & 0o777) != mode:
- os.chmod(dirname, mode)
+ if dirname == default_target_dir:
+ if (os.stat(dirname).st_mode & 0o777) != mode:
+ os.chmod(dirname, mode)
def _save_backups(self, savefile):
'''
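Review bot: The new guard `if dirname == default_target_dir:` is an exact string comparison, so any other spelling of the same directory (a relative path, `/etc/./target`, or a symlink that resolves to /etc/target) skips the chmod and leaves the directory at whatever mode it already has, which is the condition the CVE-2020-13867 fix was meant to rule out. Comparing resolved paths would close that gap: `if os.path.realpath(dirname) == os.path.realpath(default_target_dir):`. How `dirname` is derived is not visible here, since the enclosing function starts above the hunk, so confirm whether it is already normalised before relying on the literal match. A short comment on the guard, such as `# only tighten perms on our own metadata dir, never a user-chosen savedir`, would also keep a later cleanup from removing it.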