include/ipc: Adjust permissions to allow inter-user IPC

Because the sgid bit is not set on the IPC directory, endpoints do
not inherit the group ownership from the parent directory. Thus,
endpoints are created with a user's primary group instead of the IPC
group, making inter-user IPC communication impossible.

This commit modifies the IPC module and the post-install script of
the debian package so that the sgid bit is set on the IPC directory
and endpoints are created with the correct permissions for IPC
communication between users.

diff --git a/debian/postinst b/debian/postinst
index 154bcadc20a5e3fd0f974cd131e6008d0c403536..28fb0dd5bfe946a50a7e2a8fe50737fc58ff823e 100755 (executable)
--- a/debian/postinst
+++ b/debian/postinst
@@ -20,7 +20,7 @@ main() {
 
        if addgroup toolbox_ipc; then
                if ! dpkg-statoverride --list /var/lib/toolbox/ipc >/dev/null 2>&1; then
-                       dpkg-statoverride --update --add root toolbox_ipc 0770 /var/lib/toolbox/ipc
+                       dpkg-statoverride --update --add root toolbox_ipc 2770 /var/lib/toolbox/ipc
                fi
        fi
 

diff --git a/include/ipc.sh b/include/ipc.sh
index 79b5bd0ce1067fc8354149270bcfce515c24f1de..2a63dac0d1e10f1f83ec75344ee9fcec4bbed61b 100644 (file)
--- a/include/ipc.sh
+++ b/include/ipc.sh
@@ -505,7 +505,8 @@ ipc_endpoint_open() {
                fi
 
                if ! queue_init "$endpoint/queue" ||
-                  ! echo "$USER" > "$endpoint/owner"; then
+                  ! echo "$USER" > "$endpoint/owner" ||
+                  ! chmod -R g+rwxs "$endpoint"; then
                        if ! rm -rf "$endpoint"; then
                                log_error "Could not clean up $endpoint"
                        fi