| Index: user_collector.cc
|
| diff --git a/user_collector.cc b/user_collector.cc
|
| index 02025c20d9db86a53b3193e4c5474721a42cd1e1..6fa368d0560aeeebf09d8ac381c51046d6002ced 100644
|
| --- a/user_collector.cc
|
| +++ b/user_collector.cc
|
| @@ -4,17 +4,13 @@
|
|
|
| #include "crash-reporter/user_collector.h"
|
|
|
| -#include <fcntl.h> // For creat.
|
| #include <grp.h> // For struct group.
|
| #include <pwd.h> // For struct passwd.
|
| #include <sys/types.h> // For getpwuid_r, getgrnam_r, WEXITSTATUS.
|
| -#include <sys/wait.h> // For waitpid.
|
| -#include <unistd.h> // For execv and fork.
|
|
|
| #include <string>
|
| #include <vector>
|
|
|
| -#include "base/eintr_wrapper.h"
|
| #include "base/file_util.h"
|
| #include "base/logging.h"
|
| #include "base/string_util.h"
|
| @@ -176,9 +172,10 @@ void UserCollector::EnqueueCollectionErrorLog(pid_t pid,
|
| std::string dump_basename = FormatDumpBasename(exec, time(NULL), pid);
|
| FilePath log_path = GetCrashPath(crash_path, dump_basename, "log");
|
| FilePath meta_path = GetCrashPath(crash_path, dump_basename, "meta");
|
| - file_util::WriteFile(log_path,
|
| - error_log_.data(),
|
| - error_log_.length());
|
| + // We must use WriteNewFile instead of file_util::WriteFile as we do
|
| + // not want to write with root access to a symlink that an attacker
|
| + // might have created.
|
| + WriteNewFile(log_path, error_log_.data(), error_log_.length());
|
| AddCrashMetaData("sig", kCollectionErrorSignature);
|
| WriteCrashMetaData(meta_path, exec, log_path.value());
|
| }
|
| @@ -255,62 +252,6 @@ bool UserCollector::CopyStdinToCoreFile(const FilePath &core_path) {
|
| return false;
|
| }
|
|
|
| -int UserCollector::ForkExecAndPipe(std::vector<const char *> &arguments,
|
| - const char *output_file) {
|
| - // Copy off a writeable version of arguments.
|
| - scoped_array<char*> argv(new char *[arguments.size() + 1]);
|
| - int total_args_size = 0;
|
| - for (size_t i = 0; i < arguments.size(); ++i) {
|
| - if (arguments[i] == NULL) {
|
| - logger_->LogError("Bad parameter");
|
| - return -1;
|
| - }
|
| - total_args_size += strlen(arguments[i]) + 1;
|
| - }
|
| - scoped_array<char> buffer(new char[total_args_size]);
|
| - char *buffer_pointer = &buffer[0];
|
| -
|
| - for (size_t i = 0; i < arguments.size(); ++i) {
|
| - argv[i] = buffer_pointer;
|
| - strcpy(buffer_pointer, arguments[i]);
|
| - buffer_pointer += strlen(arguments[i]);
|
| - *buffer_pointer = '\0';
|
| - ++buffer_pointer;
|
| - }
|
| - argv[arguments.size()] = NULL;
|
| -
|
| - int pid = fork();
|
| - if (pid < 0) {
|
| - logger_->LogError("Fork failed: %d", errno);
|
| - return -1;
|
| - }
|
| -
|
| - if (pid == 0) {
|
| - int output_handle = creat(output_file, 0700);
|
| - if (output_handle < 0) {
|
| - logger_->LogError("Could not create %s: %d", output_file, errno);
|
| - // Avoid exit() to avoid atexit handlers from parent.
|
| - _exit(127);
|
| - }
|
| - dup2(output_handle, 1);
|
| - dup2(output_handle, 2);
|
| - execv(argv[0], &argv[0]);
|
| - logger_->LogError("Exec failed: %d", errno);
|
| - _exit(127);
|
| - }
|
| -
|
| - int status = 0;
|
| - if (HANDLE_EINTR(waitpid(pid, &status, 0)) < 0) {
|
| - logger_->LogError("Problem waiting for pid: %d", errno);
|
| - return -1;
|
| - }
|
| - if (!WIFEXITED(status)) {
|
| - logger_->LogError("Process did not exit normally: %d", status);
|
| - return -1;
|
| - }
|
| - return WEXITSTATUS(status);
|
| -}
|
| -
|
| bool UserCollector::RunCoreToMinidump(const FilePath &core_path,
|
| const FilePath &procfs_directory,
|
| const FilePath &minidump_path,
|
|
|
Chromium Code Reviews
Issue 4603001:
crash-reporter: Avoid writing through symlinks. (Closed)
Base URL: http://git.chromium.org/git/crash-reporter.git@master