[Libguestfs] [PATCH] Make tmp directory world readable (RHBZ#610880).

Richard W.M. Jones rjones at redhat.com
Fri Jul 2 17:10:20 UTC 2010


-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
-------------- next part --------------
From 8fc878ed0a5c192f188d9793a79071f4012fbf70 Mon Sep 17 00:00:00 2001
From: Richard Jones <rjones at redhat.com>
Date: Fri, 2 Jul 2010 17:52:51 +0100
Subject: [PATCH] Make tmp directory world readable (RHBZ#610880).

If you have a restrictive umask (0077 for example) then
files in the tmp directory would be created with 0600
permissions.  Example:

drwx------.  2 rjones rjones     4096 Jul  2 17:52 .
drwxrwxrwt. 57 root   root     102400 Jul  2 17:52 ..
-rw-------.  1 rjones rjones 86328832 Jul  2 17:52 initrd
lrwxrwxrwx.  1 rjones rjones       46 Jul  2 17:52 kernel -> /boot/vmlinuz-2.6.33-0.40.rc7.git0.fc13.x86_64

This in itself is not a problem.  However in virt-v2v we also
change UID:GID and the result is that qemu is unable to read
the initrd file:

qemu: could not load initial ram disk '/tmp/libguestfs2ssynP/initrd'

With this patch we make the tmp directory and the files
world readable.  After the patch:

$ ls -la /tmp/libguestfsJFVzPg/
total 116192
drwxr-xr-x.  2 rjones rjones      4096 Jul  2 18:03 .
drwxrwxrwt. 56 root   root      102400 Jul  2 18:03 ..
-rw-r--r--.  1 rjones rjones 118869504 Jul  2 18:03 initrd
lrwxrwxrwx.  1 rjones rjones        46 Jul  2 18:03 kernel -> /boot/vmlinuz-2.6.33-0.40.rc7.git0.fc13.x86_64
---
 src/guestfs.c |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/src/guestfs.c b/src/guestfs.c
index 1439361..85a042a 100644
--- a/src/guestfs.c
+++ b/src/guestfs.c
@@ -982,6 +982,14 @@ guestfs__launch (guestfs_h *g)
     }
   }
 
+  /* Allow anyone to read the temporary directory.  There are no
+   * secrets in the kernel or initrd files.  The socket in this
+   * directory won't be readable but anyone can see it exists if they
+   * want. (RHBZ#610880).
+   */
+  if (chmod (g->tmpdir, 0755) == -1)
+    fprintf (stderr, "chmod: %s: %m (ignored)\n", g->tmpdir);
+
   /* First search g->path for the supermin appliance, and try to
    * synthesize a kernel and initrd from that.  If it fails, we
    * try the path search again looking for a backup ordinary
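
Review bot: The comment's claim that the socket "won't be readable" is not enforced by anything in this hunk. Once chmod (g->tmpdir, 0755) has run, the 0700 directory shown in the commit message no longer shields the socket, so its protection rests on whatever mode it received at creation, which follows the caller's umask. Consider setting the socket's mode explicitly where it is created rather than relying on the directory. Separately, a failed chmod is only printed and ignored, so the virt-v2v case would still end in qemu's "could not load initial ram disk" error with nothing tying it to this call. Also, %m is a glibc extension, so strerror (errno) would be more portable.
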
@@ -1590,7 +1598,11 @@ build_supermin_appliance (guestfs_h *g, const char *path,
   *initrd = safe_malloc (g, len + 8);
   snprintf (*initrd, len+8, "%s/initrd", g->tmpdir);
 
+  /* Set a sensible umask in the subprocess, so kernel and initrd
+   * output files are world-readable (RHBZ#610880).
+   */
   snprintf (cmd, sizeof cmd,
+            "umask 0002; "
             "febootstrap-supermin-helper%s "
             "-k '%s/kmod.whitelist' "
             "'%s/supermin.d' "
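
Review bot: In the command string, "umask 0002; " leaves group write permission enabled on whatever the helper creates, while the stated goal is only that the kernel and initrd be world-readable. "umask 0022; " would meet that goal without permitting group-writable output that qemu then boots. The added comment calls 0002 a sensible umask without saying why group write is wanted, so either tighten the value or document the reason.
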
-- 
1.7.1
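
The permission behaviour discussed in the commit message, as an added example that is not part of the original post or of libguestfs: a temporary directory is built under an arbitrary caller umask, the public file gets an explicit mode, and the socket is pinned to owner-only before the directory is widened. The function name, the /tmp/gfsdemoXXXXXX template and the file names are assumptions made for the demo.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1                /* for mkdtemp() under strict -std */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Constructed demo. Returns 0 and fills modes[] = { directory, initrd,
 * socket } as created while the process umask is caller_umask. */
int shared_tmpdir_modes(mode_t caller_umask, mode_t modes[3])
{
    char dir[] = "/tmp/gfsdemoXXXXXX";   /* hypothetical template */
    char initrd[64];
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    struct stat st;
    int fd = -1, sock = -1, rc = -1;
    mode_t saved = umask(caller_umask);  /* simulate the caller's umask */
    if (mkdtemp(dir) == NULL) { umask(saved); return -1; }  /* dir is 0700 */
    snprintf(initrd, sizeof initrd, "%s/initrd", dir);
    snprintf(addr.sun_path, sizeof addr.sun_path, "%s/sock", dir);
    /* Public file: set its mode explicitly instead of relying on umask. */
    fd = open(initrd, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1 || fchmod(fd, 0644) == -1 || fstat(fd, &st) == -1) goto cleanup;
    modes[1] = st.st_mode & 0777;
    /* Private socket: bind under umask 0077, then pin the mode, so it is
     * owner-only before the directory is opened up. */
    sock = socket(AF_UNIX, SOCK_STREAM, 0);
    umask(0077);
    if (sock == -1 || bind(sock, (struct sockaddr *)&addr, sizeof addr) == -1 ||
        chmod(addr.sun_path, 0600) == -1 || stat(addr.sun_path, &st) == -1)
        goto cleanup;
    modes[2] = st.st_mode & 0777;
    /* Widen the directory last, once its contents have their final modes. */
    if (chmod(dir, 0755) == -1 || stat(dir, &st) == -1) goto cleanup;
    modes[0] = st.st_mode & 0777;
    rc = 0;
cleanup:
    if (fd != -1) close(fd);
    if (sock != -1) close(sock);
    unlink(addr.sun_path); unlink(initrd); rmdir(dir);
    umask(saved);
    return rc;
}

int main(void) { mode_t m[3]; return shared_tmpdir_modes(0077, m); }
```

The resulting modes are the same for a restrictive and a permissive caller umask, because none of the three objects is left at the mode the umask would have produced.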


