From 6f1d65f4adb711a03ba9acecee00ee44a09d98e7 Mon Sep 17 00:00:00 2001 From: Matthias Kruk Date: Mon, 26 Dec 2022 14:10:04 +0900 Subject: [PATCH] include/uipc: Adjust permissions to allow inter-user IPC Because the sgid bit is not set on the uipc directory, endpoints do not inherit the group ownership from the parent directory. Thus, endpoints are created with a user's primary group instead of the IPC group, making inter-user IPC communication impossible. This commit modifies the uipc module and the post-install script of the debian package so that the sgid bit is set on the uipc directory and endpoints are created with the correct permissions for uipc communication between users. This commit also modifies the Makefile so that the uipc directory is created during toolbox installation. --- Makefile | 1 + debian/postinst | 4 ++++ include/uipc.sh | 3 ++- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a148562..1bff3bb 100644 --- a/Makefile +++ b/Makefile @@ -15,6 +15,7 @@ install: mkdir -p $(DESTDIR)/$(PREFIX)/share/toolbox mkdir -p $(DESTDIR)/$(PREFIX)/bin mkdir -p $(DESTDIR)/var/lib/toolbox/ipc + mkdir -p $(DESTDIR)/var/lib/toolbox/uipc cp toolbox.sh $(DESTDIR)/$(PREFIX)/share/toolbox/. cp -r include $(DESTDIR)/$(PREFIX)/share/toolbox/. cp -r utils $(DESTDIR)/$(PREFIX)/share/toolbox/. diff --git a/debian/postinst b/debian/postinst index 28fb0dd..7076958 100755 --- a/debian/postinst +++ b/debian/postinst @@ -22,6 +22,10 @@ main() { if ! dpkg-statoverride --list /var/lib/toolbox/ipc >/dev/null 2>&1; then dpkg-statoverride --update --add root toolbox_ipc 2770 /var/lib/toolbox/ipc fi + + if ! dpkg-statoverride --list /var/lib/toolbox/uipc >/dev/null 2>&1; then + dpkg-statoverride --update --add root toolbox_ipc 2770 /var/lib/toolbox/uipc + fi fi return 0 diff --git a/include/uipc.sh b/include/uipc.sh index 5cae4d4..a2f2b75 100644 --- a/include/uipc.sh +++ b/include/uipc.sh @@ -270,7 +270,8 @@ uipc_endpoint_open() { fi if ! queue_init "$endpoint/queue" || - ! echo "$USER" > "$endpoint/owner"; then + ! echo "$USER" > "$endpoint/owner" || + ! chmod -R g+rwxs "$endpoint"; then if ! rm -rf "$endpoint"; then log_error "Could not clean up $endpoint" fi -- 2.47.3