TnSb
/
doasedit
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix some edge cases (srcfile not owned by root or not r/w by root); make sure we don't leak info to other users

This commit is contained in:
Joel Beckmeyer 2021-09-28 13:39:26 -04:00
parent 8ce796ba05
commit d4e87dabdb
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
doasedit
View File

@ -20,14 +20,18 @@ done
tempdir="/tmp/doasedit/$destfile_pfx" tempdir="/tmp/doasedit/$destfile_pfx"
mkdir -p $tempdir # we don't want any other users to be able to read what we're doing, so -m700
mkdir -m700 -p $tempdir
trap "rm -rf $tempdir" EXIT trap "rm -rf $tempdir" EXIT
srcfile="$(doas realpath $1)" srcfile="$(doas realpath $1)"
if doas [ -f "$srcfile" ]; then if doas [ -f "$srcfile" ]; then
doas cp $srcfile $tempdir/edit doas cp -a $srcfile $tempdir/file
doas chown -R $USER:$USER $tempdir/edit doas cp -a $tempdir/file $tempdir/edit
doas cp $srcfile $tempdir/file
# make sure that the file is editable by user
doas chown $USER:$USER $tempdir/edit
chmod 600 $tempdir/edit
else else
# create file with "regular" system permissions (root:root 644) # create file with "regular" system permissions (root:root 644)
touch $tempdir/file touch $tempdir/file
@ -38,7 +42,7 @@ $EDITOR $tempdir/edit
cat $tempdir/edit | doas tee $tempdir/file 1>/dev/null cat $tempdir/edit | doas tee $tempdir/file 1>/dev/null
if cmp -s "$tempdir/file" "$srcfile"; then if doas cmp -s "$tempdir/file" "$srcfile"; then
echo "Skipping write; no changes." echo "Skipping write; no changes."
exit 0 exit 0
else else