From 9ac8d8710229315b2e481fb99cec3ebc1852ea4f Mon Sep 17 00:00:00 2001
From: Timo Teräs <timo.teras@iki.fi>
Date: Fri, 10 Feb 2012 16:40:01 +0200
Subject: db, fix: more secure way to choose effective directory permissions

And implement --directory-permissions for fix-applet to reset all
directory uid, gid and modes.
---
 src/audit.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/audit.c')

diff --git a/src/audit.c b/src/audit.c
index 296684f..d6a66b7 100644
--- a/src/audit.c
+++ b/src/audit.c
@@ -38,6 +38,8 @@ static int audit_file(struct apk_database *db, struct apk_db_file *dbf,
 	if (S_ISLNK(fi.mode) && dbf->csum.type == APK_CHECKSUM_NONE)
 		return 0;
 
+	/* FIXME: check uid/gid/mode; but they are not in DB */
+
 	return 1;
 }
 
@@ -74,8 +76,10 @@ static int audit_directory(apk_hash_item item, void *ctx)
 			continue;
 
 		if (S_ISDIR(fi.mode)) {
-			if (apk_db_dir_query(db, APK_BLOB_STR(tmp)) != NULL)
+			if (apk_db_dir_query(db, APK_BLOB_STR(tmp)) != NULL) {
+				/* FIXME: check uid/gid/mode */
 				continue;
+			}
 
 			reason = 'D';
 		} else {
-- 
cgit v1.2.3-60-g2f50