From: drh Date: Thu, 31 May 2012 13:10:49 +0000 (+0000) Subject: Avoid calling fchown() if the process is not running as root. X-Git-Tag: version-3.7.13~16 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ed4668271909964bfa81cc968ccbea5be7f4c15e;p=thirdparty%2Fsqlite.git Avoid calling fchown() if the process is not running as root. FossilOrigin-Name: 70c419a434be77b042a23174483d6a411899eb5d
---
diff --git a/manifest b/manifest
index 277d58e302..b001b92c56 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@ -C Link\sthe\sNDEBUG\smacro\sto\sSQLITE_DEBUG\sso\sthat\swhen\sSQLITE_DEBUG\sis\sdefined,\nNDEBUG\sis\sautomatically\sundefined\san\sdwhen\sSQLITE_DEBUG\sis\sundefined\nNDEBUG\sis\sautomatically\sdefined. -D 2012-05-29T19:25:20.175 +C Avoid\scalling\sfchown()\sif\sthe\sprocess\sis\snot\srunning\sas\sroot. +D 2012-05-31T13:10:49.376 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in 4f37eb61be9d38643cdd839a74b8e3bad724cfcf F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -164,7 +164,7 @@ F src/os.c e1acdc09ff3ac2412945cca9766e2dcf4675f31c F src/os.h 59beba555b65a450bd1d804220532971d4299f60 F src/os_common.h 92815ed65f805560b66166e3583470ff94478f04 F src/os_os2.c 4a75888ba3dfc820ad5e8177025972d74d7f2440 -F src/os_unix.c 8a90a7cdfc19ed0f233d76b63825d8effcae302a +F src/os_unix.c d7c96b5d140f550f07345870112fae5d7ef99757 F src/os_win.c 412d6434133c7c81dc48b7702f3ea5e61c309e5c F src/pager.c 9d4d6406512002d9a243ec27b9c01e93fda43e36 F src/pager.h 8b8c9bc065a3c66769df8724dfdf492ee1aab3c5
@@ -1004,7 +1004,7 @@ F tool/tostr.awk e75472c2f98dd76e06b8c9c1367f4ab07e122d06 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f F tool/warnings-clang.sh a8a0a3babda96dfb1ff51adda3cbbf3dfb7266c2 F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381 -P 6fec6cf1fbac881a33a35ea99aac2f5f1cf27c2a -R 04c27600577da03816e15c318dd7df31 +P 07935d10d341fe6265cfd3b09e2c4ef4005c4826 +R db0f48be730e02610af744a3fe432e51 U drh -Z 9df1e8f50925fc882f32cc14d2630547 +Z a3e118b76a7afa02078e1c319e3927b5
diff --git a/manifest.uuid b/manifest.uuid
index 5097ca4c3a..b74e97b330 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@ -07935d10d341fe6265cfd3b09e2c4ef4005c4826 \ No newline at end of file +70c419a434be77b042a23174483d6a411899eb5d \ No newline at end of file
diff --git a/src/os_unix.c b/src/os_unix.c
index f1d3a08a06..0f11613b0a 100644
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -262,7 +262,6 @@ struct unixFile {
 #define UNIXFILE_DELETE 0x20 /* Delete on close */
 #define UNIXFILE_URI 0x40 /* Filename might have query parameters */
 #define UNIXFILE_NOLOCK 0x80 /* Do no file locking */
-#define UNIXFILE_CHOWN 0x100 /* File ownership was changed */
 /*
 ** Include code that is common to all os_*.c files
@@ -308,6 +307,15 @@ static int posixOpen(const char *zFile, int flags, int mode){
 return open(zFile, flags, mode);
 }
+/*
+** On some systems, calls to fchown() will trigger a message in a security
+** log if they come from non-root processes. So avoid calling fchown() if
+** we are not running as root.
+*/
+static int posixFchown(int fd, uid_t uid, gid_t gid){
+ return geteuid() ? 0 : fchown(fd,uid,gid);
+}
+
 /* Forward reference */
 static int openDirectory(const char*, int*);
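Review bot: `posixFchown()` returns 0 whenever `geteuid()` is non-zero, so a skipped call looks exactly like a successful ownership change, and the header comment does not say this. The comment should state the return contract, for example `** Returns 0 without calling fchown() when the effective uid is not 0.` The test looks only at the effective uid, so a process permitted to change ownership by some means other than euid 0 would also skip the call and leave the file with its creator's ownership. That may be intended, but it should be written down next to the wrapper.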
@@ -419,7 +427,7 @@ static struct unix_syscall {
 { "rmdir", (sqlite3_syscall_ptr)rmdir, 0 },
 #define osRmdir ((int(*)(const char*))aSyscall[19].pCurrent)
- { "fchown", (sqlite3_syscall_ptr)fchown, 0 },
+ { "fchown", (sqlite3_syscall_ptr)posixFchown, 0 },
 #define osFchown ((int(*)(int,uid_t,gid_t))aSyscall[20].pCurrent)
 { "umask", (sqlite3_syscall_ptr)umask, 0 },
@@ -3944,14 +3952,9 @@ static int unixOpenSharedMemory(unixFile *pDbFd){
 /* If this process is running as root, make sure that the SHM file
 ** is owned by the same user that owns the original database. Otherwise,
- ** the original owner will not be able to connect. If this process is
- ** not root, the following fchown() will fail, but we don't care. The
- ** if(){..} and the UNIXFILE_CHOWN flag are purely to silence compiler
- ** warnings.
+ ** the original owner will not be able to connect.
 */
- if( osFchown(pShmNode->h, sStat.st_uid, sStat.st_gid)==0 ){
- pDbFd->ctrlFlags |= UNIXFILE_CHOWN;
- }
+ osFchown(pShmNode->h, sStat.st_uid, sStat.st_gid);
 /* Check to see if another process is holding the dead-man switch.
 ** If not, truncate the file to zero length.
@@ -5157,13 +5160,10 @@ static int unixOpen(
 /* If this process is running as root and if creating a new rollback
 ** journal or WAL file, set the ownership of the journal or WAL to be
- ** the same as the original database. If we are not running as root,
- ** then the fchown() call will fail, but that's ok. The "if(){}" and
- ** the setting of the UNIXFILE_CHOWN flag are purely to silence compiler
- ** warnings from gcc.
+ ** the same as the original database.
 */
 if( flags & (SQLITE_OPEN_WAL|SQLITE_OPEN_MAIN_JOURNAL) ){
- if( osFchown(fd, uid, gid)==0 ){ p->ctrlFlags |= UNIXFILE_CHOWN; }
+ osFchown(fd, uid, gid);
 }
 }
 assert( fd>=0 );
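Review bot: In the `unixOpenSharedMemory` hunk the result of `osFchown(pShmNode->h, sStat.st_uid, sStat.st_gid);` is discarded, and the rewritten comment no longer says that failure is tolerated. When the process is root and fchown() genuinely fails, the SHM file keeps root ownership and, as the comment above the call says, the original owner will not be able to connect, with nothing recording why. If best effort is the intent, say so at the call: `(void)osFchown(pShmNode->h, sStat.st_uid, sStat.st_gid); /* best effort; on failure the file stays owned by root */`. The same applies to `osFchown(fd, uid, gid);` in the `unixOpen` hunk for a new journal or WAL file. Both functions begin and end outside their hunks, so any later handling is not visible here.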