db, fix: more secure way to choose effective directory permissions

And implement --directory-permissions for fix-applet to reset all directory uid, gid and modes.
author: Timo Teräs <timo.teras@iki.fi> 2012-02-10 16:40:01 +0200
committer: Timo Teräs <timo.teras@iki.fi> 2012-02-10 16:40:01 +0200
commit: 9ac8d8710229315b2e481fb99cec3ebc1852ea4f (patch)
tree: 6834c58328909995222651b1fed9824ad93d7efd /src/audit.c
parent: f2e41a488e51a973015719625947183416056e26 (diff)
download: apk-tools-9ac8d8710229315b2e481fb99cec3ebc1852ea4f.tar.gz
apk-tools-9ac8d8710229315b2e481fb99cec3ebc1852ea4f.tar.bz2
apk-tools-9ac8d8710229315b2e481fb99cec3ebc1852ea4f.tar.xz
apk-tools-9ac8d8710229315b2e481fb99cec3ebc1852ea4f.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/src/audit.c b/src/audit.c
index 296684f..d6a66b7 100644
--- a/src/audit.c
+++ b/src/audit.c
@@ -38,6 +38,8 @@ static int audit_file(struct apk_database *db, struct apk_db_file *dbf,
 	if (S_ISLNK(fi.mode) && dbf->csum.type == APK_CHECKSUM_NONE)
 		return 0;
 
+	/* FIXME: check uid/gid/mode; but they are not in DB */
+
 	return 1;
 }
 
@@ -74,8 +76,10 @@ static int audit_directory(apk_hash_item item, void *ctx)
 			continue;
 
 		if (S_ISDIR(fi.mode)) {
-			if (apk_db_dir_query(db, APK_BLOB_STR(tmp)) != NULL)
+			if (apk_db_dir_query(db, APK_BLOB_STR(tmp)) != NULL) {
+				/* FIXME: check uid/gid/mode */
 				continue;
+			}
 
 			reason = 'D';
 		} else {
author	Timo Teräs <timo.teras@iki.fi>	2012-02-10 16:40:01 +0200
committer	Timo Teräs <timo.teras@iki.fi>	2012-02-10 16:40:01 +0200
commit	9ac8d8710229315b2e481fb99cec3ebc1852ea4f (patch)
tree	6834c58328909995222651b1fed9824ad93d7efd /src/audit.c
parent	f2e41a488e51a973015719625947183416056e26 (diff)
download	apk-tools-9ac8d8710229315b2e481fb99cec3ebc1852ea4f.tar.gz apk-tools-9ac8d8710229315b2e481fb99cec3ebc1852ea4f.tar.bz2 apk-tools-9ac8d8710229315b2e481fb99cec3ebc1852ea4f.tar.xz apk-tools-9ac8d8710229315b2e481fb99cec3ebc1852ea4f.zip