From: Matthias Kruk <m@m10k.eu>
Date: Mon, 26 Dec 2022 05:10:04 +0000 (+0900)
Subject: include/uipc: Adjust permissions to allow inter-user IPC
X-Git-Url: https://git.corax.cc/?a=commitdiff_plain;h=6f1d65f4adb711a03ba9acecee00ee44a09d98e7;p=toolbox

include/uipc: Adjust permissions to allow inter-user IPC

Because the sgid bit is not set on the uipc directory, endpoints do
not inherit the group ownership from the parent directory. Thus,
endpoints are created with a user's primary group instead of the IPC
group, making inter-user IPC communication impossible.

This commit modifies the uipc module and the post-install script of
the debian package so that the sgid bit is set on the uipc directory
and endpoints are created with the correct permissions for uipc
communication between users.
This commit also modifies the Makefile so that the uipc directory is
created during toolbox installation.
---

diff --git a/Makefile b/Makefile
index a148562..1bff3bb 100644
--- a/Makefile
+++ b/Makefile
@@ -15,6 +15,7 @@ install:
 	mkdir -p $(DESTDIR)/$(PREFIX)/share/toolbox
 	mkdir -p $(DESTDIR)/$(PREFIX)/bin
 	mkdir -p $(DESTDIR)/var/lib/toolbox/ipc
+	mkdir -p $(DESTDIR)/var/lib/toolbox/uipc
 	cp toolbox.sh $(DESTDIR)/$(PREFIX)/share/toolbox/.
 	cp -r include $(DESTDIR)/$(PREFIX)/share/toolbox/.
 	cp -r utils   $(DESTDIR)/$(PREFIX)/share/toolbox/.
diff --git a/debian/postinst b/debian/postinst
index 28fb0dd..7076958 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -22,6 +22,10 @@ main() {
 		if ! dpkg-statoverride --list /var/lib/toolbox/ipc >/dev/null 2>&1; then
 			dpkg-statoverride --update --add root toolbox_ipc 2770 /var/lib/toolbox/ipc
 		fi
+
+		if ! dpkg-statoverride --list /var/lib/toolbox/uipc >/dev/null 2>&1; then
+			dpkg-statoverride --update --add root toolbox_ipc 2770 /var/lib/toolbox/uipc
+		fi
 	fi
 
 	return 0
diff --git a/include/uipc.sh b/include/uipc.sh
index 5cae4d4..a2f2b75 100644
--- a/include/uipc.sh
+++ b/include/uipc.sh
@@ -270,7 +270,8 @@ uipc_endpoint_open() {
 		fi
 
 		if ! queue_init "$endpoint/queue" ||
-		   ! echo "$USER" > "$endpoint/owner"; then
+		   ! echo "$USER" > "$endpoint/owner" ||
+		   ! chmod -R g+rwxs "$endpoint"; then
 			if ! rm -rf "$endpoint"; then
 				log_error "Could not clean up $endpoint"
 			fi