Closed sysvinit closed 3 years ago
This was done to avoid the extra chown, but there is no real reason to do that as long as there is no TOCTOU issue between mkdir and chown.
https://github.com/Duncaen/OpenDoas/issues/47#issuecomment-769741401.
Ah, I hadn't seen that earlier issue, apologies. It does appear to be mostly a cosmetic thing, given the checks in the rest of the code, but I'll leave the discussions for the other issue.
When timestamp files are enabled, doas will by default attempt to create the timestamp directory if it doesn't already exist: https://github.com/Duncaen/OpenDoas/blob/9a25a6d7b6be3ed4ffb822c5a3fa178057d18329/timestamp.c#L265-L272
The build files install doas with mode 4755, i.e. setuid root, so that the effective user ID is set to root when the binary is executed: https://github.com/Duncaen/OpenDoas/blob/9a25a6d7b6be3ed4ffb822c5a3fa178057d18329/configure#L135
This means, however, that the process's real and effective group ID are set to that of the invoking user when doas is run. When the timestamp directory is then created, it is owned by the invoking user's primary group:
This doesn't appear to be a big problem at first glance, though it may be unexpected behaviour, given that it discloses the group of the user who ran doas when the timestamp directory was created.
(Additionally, the timestamp files themselves inherit the invoking user's group ID. This appears to be intentional (though I'm not immediately sure why), as there is an explicit check against the process's group ID here: https://github.com/Duncaen/OpenDoas/blob/9a25a6d7b6be3ed4ffb822c5a3fa178057d18329/timestamp.c#L224)
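Added example, not OpenDoas code: one way to create a directory and then set its group without a check-to-use gap between mkdir and chown, the condition raised in the comment above, by doing every check and change through a file descriptor. The name `ensure_owned_dir` and the scratch path are assumptions; the demo passes the caller's own IDs so it runs unprivileged, where a setuid-root caller would pass 0 for both.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: make `path` a 0700 directory owned by uid with group
 * gid. Returns an open directory descriptor, or -1 on failure. */
int ensure_owned_dir(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int fd;

    /* mkdir(2) stamps the new directory with the caller's effective IDs: in
     * a setuid-only binary that is root's uid but the invoking user's group. */
    if (mkdir(path, 0700) == -1 && errno != EEXIST)
        return -1;
    /* Pin the object; O_NOFOLLOW refuses a symlink sitting at `path`. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd == -1)
        return -1;
    /* From here on only the descriptor is used, never the path again. */
    if (fstat(fd, &st) == -1 || !S_ISDIR(st.st_mode))
        goto fail;
    if (st.st_uid != uid)            /* pre-existing, created by someone else */
        goto fail;
    if (st.st_gid != gid && fchown(fd, (uid_t)-1, gid) == -1)
        goto fail;
    if ((st.st_mode & 07777) != 0700 && fchmod(fd, 0700) == -1)
        goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}

int main(void)
{
    char tmpl[] = "/tmp/tsdir-XXXXXX", dir[64];   /* constructed scratch path */
    if (mkdtemp(tmpl) == NULL)
        return 1;
    snprintf(dir, sizeof dir, "%s/ts", tmpl);
    int fd = ensure_owned_dir(dir, geteuid(), getegid());
    printf("%s: %s\n", dir, fd >= 0 ? "ok" : "failed");
    return fd < 0;
}
```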