Fix permissions and group of pids file and logs. Permissions should be 0664

and group should be 'portage'.  Bug #34260.

3 files changed, 35 insertions, 15 deletions

diff --git a/src/sandbox-1.1/ChangeLog b/src/sandbox-1.1/ChangeLog
index 04c26c9..6daf613 100644
--- a/src/sandbox-1.1/ChangeLog
+++ b/src/sandbox-1.1/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for Path Sandbox
 # Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/ChangeLog,v 1.30 2004/02/28 21:52:56 azarah Exp $
+# $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/ChangeLog,v 1.31 2004/02/29 13:52:20 azarah Exp $
+
+  29 Feb 2004; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox_futils.c :
+  Fix permissions and group of pids file and logs.  Permissions should be 0664
+  and group should be 'portage'.  Bug #34260.
 
   28 Feb 2004; Martin Schlemmer <azarah@gentoo.org> libsandbox.c :
   Besides a small cleanup, redo how we replace LD_PRELOAD in the environ passed
diff --git a/src/sandbox-1.1/sandbox.c b/src/sandbox-1.1/sandbox.c
index 34daca7..b0ec2d4 100644
--- a/src/sandbox-1.1/sandbox.c
+++ b/src/sandbox-1.1/sandbox.c
@@ -11,7 +11,7 @@
 **    Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com
 **    Distributed under the terms of the GNU General Public License, v2 or later 
 **    Author : Geert Bevin <gbevin@uwyn.com>
-**  $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/sandbox.c,v 1.13 2004/01/12 21:11:46 carpaski Exp $
+**  $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/sandbox.c,v 1.14 2004/02/29 13:52:20 azarah Exp $
 */
 
 #define _GNU_SOURCE
@@ -193,7 +193,7 @@ cleanup()
 			return;
 		}
 
-		pids_file = file_open(sandbox_pids_file, "r+", 1, 0664);
+		pids_file = file_open(sandbox_pids_file, "r+", 1, 0664, "portage");
 		if (-1 == pids_file) {
 			success = 0;
 			/* Nothing more to do here */
@@ -213,7 +213,7 @@ cleanup()
 			if (print_debug)
 				printf("Cleaning up /etc/ld.so.preload.\n");
 
-			preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0664);
+			preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644);
 			if (-1 != preload_file) {
 				/* Load all the preload libraries into an array */
 				num_of_preloads = load_preload_libs(preload_file, &preload_array);
@@ -400,7 +400,7 @@ print_sandbox_log(char *sandbox_log)
 	long len = 0;
 	char *buffer = NULL;
 
-	sandbox_log_file = file_open(sandbox_log, "r", 1, 0664);
+	sandbox_log_file = file_open(sandbox_log, "r", 1, 0664, "portage");
 	if (-1 == sandbox_log_file)
 		return 0;
 
@@ -607,7 +607,7 @@ main(int argc, char **argv)
 
 		if (getuid() == 0) {
 			/* Our r+ also will create the file if it doesn't exist */
-			preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0664);
+			preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644);
 			if (-1 == preload_file) {
 				preload_adaptable = 0;
 /*      exit(1);*/
@@ -799,7 +799,7 @@ main(int argc, char **argv)
 			success = 0;
 			fprintf(stderr, ">>> %s is not a regular file", sandbox_pids_file);
 		} else {
-			pids_file = file_open(sandbox_pids_file, "r+", 1, 0664);
+			pids_file = file_open(sandbox_pids_file, "r+", 1, 0664, "portage");
 			if (-1 == pids_file)
 				success = 0;
 		}
diff --git a/src/sandbox-1.1/sandbox_futils.c b/src/sandbox-1.1/sandbox_futils.c
index e5c1758..6016fb1 100644
--- a/src/sandbox-1.1/sandbox_futils.c
+++ b/src/sandbox-1.1/sandbox_futils.c
@@ -3,7 +3,7 @@
  * Distributed under the terms of the GNU General Public License, v2 or later 
  * Author: Brad House <brad@mainstreetsoftworks.com>
  *
- * $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/sandbox_futils.c,v 1.6 2004/01/24 19:03:19 carpaski Exp $
+ * $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/sandbox_futils.c,v 1.7 2004/02/29 13:52:20 azarah Exp $
  * 
  */
 
@@ -23,6 +23,7 @@
 #include <sys/wait.h>
 #include <unistd.h>
 #include <fcntl.h>
+#include <grp.h>
 
 #include "sandbox.h"
 
@@ -96,7 +97,6 @@ get_sandbox_log()
 
 	strcpy(path, LOG_FILE_PREFIX);
 
-
 	/* THIS CHUNK BREAK THINGS BY DOING THIS:
 	 * SANDBOX_LOG=/tmp/sandbox-app-admin/superadduser-1.0.7-11063.log
 	 */
@@ -107,7 +107,6 @@ get_sandbox_log()
 		strcat(path, "-");
 	}
 
-
 	strcat(path, pid_string);
 	strcat(path, LOG_FILE_EXT);
 	return (strdup(path));
@@ -289,22 +288,39 @@ file_open(char *filename, char *mode, int perm_specified, ...)
 	char error[250];
 	va_list ap;
 	int perm;
+	char *group = NULL;
+	struct group *group_struct;
 
 	if (perm_specified) {
 		va_start(ap, perm_specified);
 		perm = va_arg(ap, int);
+		group = va_arg(ap, char *);
 		va_end(ap);
 	}
-	if (perm_specified) {
-		fd = open(filename, file_getmode(mode), perm);
-	} else {
-		fd = open(filename, file_getmode(mode));
-	}
+	fd = open(filename, file_getmode(mode));
 	if (-1 == fd) {
 		snprintf(error, 249, ">>> %s file mode: %s open", filename, mode);
 		perror(error);
 		return (fd);
 	}
+	if (perm_specified) {
+		if (fchmod(fd, 0664) && (0 == getuid())) {
+			snprintf(error, 249, ">>> Could not set mode: %s", filename);
+			perror(error);
+		}
+	}
+	if (NULL != group) {
+		group_struct = getgrnam(group);
+		if (NULL == group) {
+			snprintf(error, 249, ">>> Could not get grp number: %s", group);
+			perror(error);
+		} else {
+			if (fchown(fd, -1, group_struct->gr_gid) && (0 == getuid())) {
+				snprintf(error, 249, ">>> Could not set group: %s", filename);
+				perror(error);
+			}
+		}
+	}
 	/* Only lock the file if opening succeeded */
 	if (-1 != fd) {
 		if (0 == file_lock(fd, file_locktype(mode), filename)) {