From 0a25641821f72def6047b4dc3d44a15262e622fc Mon Sep 17 00:00:00 2001
From: tedu
Date: Tue, 23 Dec 2014 03:29:52 +0000
Subject: [PATCH] the kvm database only needs to be readable by kmem group. make it so.
---
 usr.sbin/kvm_mkdb/kvm_mkdb.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/usr.sbin/kvm_mkdb/kvm_mkdb.c b/usr.sbin/kvm_mkdb/kvm_mkdb.c
index cfd043af797..6223ae6d2d1 100644
--- a/usr.sbin/kvm_mkdb/kvm_mkdb.c
+++ b/usr.sbin/kvm_mkdb/kvm_mkdb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kvm_mkdb.c,v 1.18 2014/07/20 01:38:40 guenther Exp $ */
+/* $OpenBSD: kvm_mkdb.c,v 1.19 2014/12/23 03:29:52 tedu Exp $ */
 /*-
 * Copyright (c) 1990, 1993
@@ -31,6 +31,9 @@
 #include
 #include
+#include
+#include
+#include
 #include
 #include
@@ -42,10 +45,7 @@
 #include
 #include
 #include
-
-#include
-#include
-#include
+#include
 #include "extern.h"
@@ -131,6 +131,7 @@ kvm_mkdb(int fd, const char *dbdir, char *nlistpath, char *nlistname,
 DB *db;
 char dbtemp[MAXPATHLEN], dbname[MAXPATHLEN];
 int r;
+ struct group *gr;
 r = snprintf(dbtemp, sizeof(dbtemp), "%skvm_%s.tmp", dbdir, nlistname);
@@ -155,7 +156,7 @@ kvm_mkdb(int fd, const char *dbdir, char *nlistpath, char *nlistname,
 (void)umask(0);
 db = dbopen(dbtemp, O_CREAT | O_EXLOCK | O_TRUNC | O_RDWR,
- S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH, DB_HASH, &openinfo);
+ S_IRUSR | S_IWUSR | S_IRGRP, DB_HASH, &openinfo);
 if (db == NULL) {
 warn("can't dbopen %s", dbtemp);
 return(1);
@@ -170,6 +171,14 @@ kvm_mkdb(int fd, const char *dbdir, char *nlistpath, char *nlistname,
 (void)unlink(dbtemp);
 return(1);
 }
+
+ if ((gr = getgrnam("kmem")) == NULL) {
+ warn("can't find kmem group");
+ } else if (chown(dbtemp, -1, gr->gr_gid)) {
+ warn("can't chown %s", dbtemp);
+ (void)unlink(dbtemp);
+ return(1);
+ }
 if (rename(dbtemp, dbname)) {
 warn("rename %s to %s", dbtemp, dbname);
 (void)unlink(dbtemp);
-- 
2.20.1
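Review bot: The tightened mode passed to `dbopen()` in the `@@ -155,7 +156,7 @@` hunk only applies when `dbtemp` is newly created; with `O_CREAT | O_TRUNC` and no `O_EXCL`, a leftover `kvm_*.tmp` from an earlier run keeps its existing mode (possibly still including `S_IROTH`) and is then renamed into place. Whether the temp file is removed before this call is not visible in the hunk. If it is not, a `(void)unlink(dbtemp);` ahead of the `dbopen()`, or an explicit `chmod(dbtemp, S_IRUSR | S_IWUSR | S_IRGRP)` next to the new `chown()`, would make the restriction hold in that case too. The body of kvm_mkdb() starts and ends outside the hunk.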
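Review bot: When `getgrnam("kmem")` returns NULL in the `@@ -170,6 +171,14 @@` hunk, the code only warns and still renames the database into place, so the file ends up mode 0640 with whatever group it was created with, and readers that depend on kmem group access would presumably fail without an obvious cause. `warn()` also appends `strerror(errno)`, which `getgrnam()` does not necessarily set for a missing entry, so `warnx("can't find kmem group");` gives a cleaner message. If a missing group is meant to be tolerated, a comment such as `/* no kmem group: keep the inherited group, db stays unreadable to others */` would record that; otherwise handle it like the chown failure (unlink and `return(1)`). The function body continues outside the hunk.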