From 12bb4a75dbc19e2650eb7a3155ee44ae1048ae79 Mon Sep 17 00:00:00 2001
From: dec05eba
Date: Tue, 17 Sep 2024 18:22:19 +0200
Subject: Make local kms server proxy file creation atomic with rename
---
 main.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
(limited to 'main.c')
diff --git a/main.c b/main.c
index bc1f589..8084021 100644
--- a/main.c
+++ b/main.c
@@ -80,10 +80,12 @@ static int create_local_kms_server_proxy_directory(const char *home) {
 return 1;
 }
-static int create_local_kms_server_proxy_file(const char *source_path, const char *dest_path) {
+static int create_local_kms_server_proxy_file_atomic(const char *source_path, const char *dest_path) {
 int in_fd = -1;
 int out_fd = -1;
 int res = 0;
+ char tmp_filepath[PATH_MAX];
+ snprintf(tmp_filepath, sizeof(tmp_filepath), "%s.tmp", dest_path);
 in_fd = open(source_path, O_RDONLY);
 if(in_fd == -1)
@@ -93,7 +95,7 @@ static int create_local_kms_server_proxy_file(const char *source_path, const cha
 if(fstat(in_fd, &st) == -1)
 goto done;
- out_fd = open(dest_path, O_RDWR | O_CREAT | O_TRUNC, 0755);
+ out_fd = open(tmp_filepath, O_RDWR | O_CREAT | O_TRUNC, 0755);
 if(out_fd == -1)
 goto done;
@@ -109,7 +111,10 @@ static int create_local_kms_server_proxy_file(const char *source_path, const cha
 close(out_fd);
 if(res)
- res = file_set_sys_admin_capability(dest_path, 1);
+ res = file_set_sys_admin_capability(tmp_filepath, 1);
+
+ if(res)
+ rename(tmp_filepath, dest_path);
 return res;
 }
@@ -165,7 +170,7 @@ int main(int argc, char **argv) {
 return execvp(args[0], (char *const*)args);
 } else if(geteuid() == 0) { /* is current user root */
 file_set_sys_admin_capability(gsr_kms_server_filepath, 0);
- create_local_kms_server_proxy_file(self_path, kms_server_proxy_local_filepath);
+ create_local_kms_server_proxy_file_atomic(self_path, kms_server_proxy_local_filepath);
 const char *args[] = { gsr_kms_server_filepath, initial_socket_path, card_path, NULL };
 return execv(args[0], (char *const*)args);
-- 
cgit v1.2.3
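Review bot: The added `snprintf` into `tmp_filepath` is not checked for truncation, so a `dest_path` within a few bytes of `PATH_MAX` produces a temporary name that is cut short and may no longer end in `.tmp`; the later open, capability call and rename would then act on a path nobody intended. Capture and test the result before any file is touched: `int n = snprintf(tmp_filepath, sizeof(tmp_filepath), "%s.tmp", dest_path);` followed by `if(n < 0 || (size_t)n >= sizeof(tmp_filepath)) return 0;`. Returning 0 appears to match the function's failure value, since `res` starts at 0 and the later steps run only under `if(res)`. The function body continues past the end of this hunk.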
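Review bot: The temporary file is opened with `O_CREAT | O_TRUNC` under a fixed, predictable name, so the open follows a symlink or reuses whatever already exists at `<dest_path>.tmp`. main() reaches this function only when `geteuid() == 0`, and the destination appears to live under the user's home directory, so a non-root owner of that directory could influence which file root truncates, writes and later marks with the capability. Create the file exclusively and without following links, for example `unlink(tmp_filepath);` and then `out_fd = open(tmp_filepath, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0755);`. The enclosing function starts and ends outside this hunk.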
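Review bot: The return value of `rename()` is discarded, so the function still reports success when the proxy file was never moved into place, and on every failure path the `.tmp` file is left behind, possibly with the capability already set on it. Propagate the failure and clean up: `if(res && rename(tmp_filepath, dest_path) == -1) res = 0;` followed by `if(!res) unlink(tmp_filepath);`. Separately, `file_set_sys_admin_capability` is applied by path after `close(out_fd)`, so it relies on the path still naming the file that was just written; its definition is not visible here, so whether it could take the open descriptor instead needs checking. The function starts outside this hunk.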