From: Matthias Kruk Date: Sat, 19 Nov 2022 11:49:03 +0000 (+0900) Subject: include/ipc: Adjust permissions to allow inter-user IPC X-Git-Url: https://git.corax.cc/?a=commitdiff_plain;h=c39f4e99805b3d8973911f9f7f68283313ce4b69;p=toolbox include/ipc: Adjust permissions to allow inter-user IPC Because the sgid bit is not set on the IPC directory, endpoints do not inherit the group ownership from the parent directory. Thus, endpoints are created with a user's primary group instead of the IPC group, making inter-user IPC communication impossible. This commit modifies the IPC module and the post-install script of the debian package so that the sgid bit is set on the IPC directory and endpoints are created with the correct permissions for IPC communication between users.
---
diff --git a/debian/postinst b/debian/postinst
index 154bcad..28fb0dd 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -20,7 +20,7 @@ main() {
 if addgroup toolbox_ipc; then
 if ! dpkg-statoverride --list /var/lib/toolbox/ipc >/dev/null 2>&1; then
- dpkg-statoverride --update --add root toolbox_ipc 0770 /var/lib/toolbox/ipc
+ dpkg-statoverride --update --add root toolbox_ipc 2770 /var/lib/toolbox/ipc
 fi
 fi
diff --git a/include/ipc.sh b/include/ipc.sh
index 79b5bd0..2a63dac 100644
--- a/include/ipc.sh
+++ b/include/ipc.sh
@@ -505,7 +505,8 @@ ipc_endpoint_open() {
 fi
 if ! queue_init "$endpoint/queue" ||
- ! echo "$USER" > "$endpoint/owner"; then
+ ! echo "$USER" > "$endpoint/owner" ||
+ ! chmod -R g+rwxs "$endpoint"; then
 if ! rm -rf "$endpoint"; then
 log_error "Could not clean up $endpoint"
 fi
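Review bot: Systems upgrading from a package version that already registered the 0770 override never receive the setgid bit, because the `dpkg-statoverride --update --add root toolbox_ipc 2770 /var/lib/toolbox/ipc` call in debian/postinst runs only when `--list` finds no override for that path. On those hosts endpoints would presumably keep being created with the user's primary group, which is the behaviour the commit sets out to fix. Consider an else branch for an existing override, for example `dpkg-statoverride --remove /var/lib/toolbox/ipc` followed by the same `--add` call, ideally only when the recorded mode is still 0770 so that an administrator's own override is kept. The outer `if addgroup toolbox_ipc` may also skip the whole block when the group already exists; that depends on addgroup's exit status and should be checked. main() continues outside the hunk.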
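Review bot: `chmod -R g+rwxs "$endpoint"` in ipc_endpoint_open sets the setgid and execute bits on every regular file under the endpoint as well, including the `owner` file written on the previous line, while only directories need `s` for group inheritance. It also leaves `owner` group-writable, so any member of the IPC group can rewrite the recorded owner; whether other code trusts that file is not visible in this hunk. Restricting the bits by type keeps the change to what inter-user IPC needs: `chmod -R g+rwX "$endpoint"` followed by `find "$endpoint" -type d -exec chmod g+s {} +`, plus a separate decision on whether `owner` should get `chmod g-w`. The function body starts and ends outside the hunk.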