authordrh <drh@noemail.net>2019-09-25 10:36:31 +0000
committerdrh <drh@noemail.net>2019-09-25 10:36:31 +0000
commit1116b1785c018911c33c4148aee1987810b5670b (patch)
treee12d6eca70b9c342d78def18fda79de47c5f942d /src/os_unix.c
parentc5b35ae567e0f68d20bb102f781d23c42251d042 (diff)
In the unix VFS layer, do not attempt to chown() the journal to be the same
as the database if running in 8+3 filename mode. Also, update the comments on the chown() attempt to be more precise. FossilOrigin-Name: ab853724a7e01ca32167d294c3c80d6632e805bdf39b6d56db82226a00ad72dc
Diffstat (limited to 'src/os_unix.c')
-rw-r--r--src/os_unix.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/os_unix.c b/src/os_unix.c
index 3c1d48a4d..ae9356a71 100644
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -5824,7 +5824,7 @@ static int getFileMode(
** If the SQLITE_ENABLE_8_3_NAMES option is enabled, then the
** original filename is unavailable. But 8_3_NAMES is only used for
** FAT filesystems and permissions do not matter there, so just use
-** the default permissions.
+** the default permissions. In 8_3_NAMES mode, leave *pMode set to zero.
*/
static int findCreateFileMode(
const char *zPath, /* Path of file (possibly) being created */
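Review bot: The added sentence documents only `*pMode` for the 8_3_NAMES case, yet the caller in unixOpen (second hunk) decides whether to chown() the journal from `openFlags` being zero and from `uid`/`gid` being unset, so a reader of this comment still cannot tell what the other outputs hold in that mode. If findCreateFileMode also produces the uid/gid values — its parameter list runs past the end of this hunk, so I cannot confirm that here — the comment should say so explicitly, e.g. `** In 8_3_NAMES mode, leave *pMode set to zero and leave the uid/gid outputs untouched so that the caller skips the chown().` That keeps the contract between the two functions in one place rather than spread across two comments.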
@@ -6059,11 +6059,19 @@ static int unixOpen(
goto open_finished;
}
- /* If this process is running as root and if creating a new rollback
- ** journal or WAL file, set the ownership of the journal or WAL to be
- ** the same as the original database.
+ /* The owner of the rollback journal or WAL file should always be the
+ ** same as the owner of the database file. Try to ensure that this is
+ ** the case. The chown() system call will be a no-op if the current
+ ** process lacks root privileges, be we should at least try. Without
+ ** this step, if a root process opens a database file, it can leave
+ ** behinds a journal/WAL that is owned by root and hence make the
+ ** database inaccessible to unprivileged processes.
+ **
+ ** If openFlags==0, then that means uid and gid are not set correctly
+ ** (probably because SQLite is configured to use 8+3 filename mode) and
+ ** in that case we do not want to attempt the chown().
*/
- if( flags & (SQLITE_OPEN_WAL|SQLITE_OPEN_MAIN_JOURNAL) ){
+ if( openFlags && (flags & (SQLITE_OPEN_WAL|SQLITE_OPEN_MAIN_JOURNAL))!=0 ){
robustFchown(fd, uid, gid);
}
}
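Review bot: The new rationale comment misdescribes chown(): on POSIX systems an unprivileged process does not get a silent no-op, the call fails with EPERM (robustFchown() presumably absorbs that failure, which is what makes the attempt harmless), so the sentence should read `** process lacks root privileges, but we should at least try. Without` — which also fixes the "be we" typo — and two lines later `behinds` should be `behind`. The guard now relies on `openFlags==0` as the only signal that uid and gid were never filled in, and the comment itself hedges that reading with "probably"; if findCreateFileMode can leave openFlags zero for any other reason, or fill in uid/gid without setting openFlags, the chown() is skipped or attempted with stale values, so an explicit validity outcome from findCreateFileMode (or initialising uid/gid to a known-invalid value and testing that instead) would make the intent self-evident and keep the root-owned-journal problem the comment describes from quietly coming back. The return value of robustFchown() is still discarded, which is acceptable for a best-effort step but deserves a word in the comment so the next reader does not "fix" it into a hard failure. unixOpen() begins outside the hunk and the closing brace on the last line belongs to an enclosing block whose start is not visible here.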