Mac: More sandbox security changes for symlinks: lchown is not available under OS 10.3.9

svn path=/trunk/boinc/; revision=14955

checkin_notes

@@ -2590,9 +2590,23 @@ Charlie Mar 20 2008
         mac/
             SetupSecurity.cpp
 
-Charlie Mar 20 2008
+Charlie Mar 21 2008
     - Mac: Another sandbox security update for symlinks: setprojectgrp calls 
         lchown() instead of chown().
     
     client/
         setprojectgrp.C
+
+Charlie Mar 21 2008
+    - Mac: More sandbox security changes for symlinks: lchown is not available 
+        under OS 10.3.9, so don't use it.  The system ignores ownership and 
+        permissions of symbolic links, so setprojectgrp does nothing if it is  
+        called for a symbolic link.  
+        Also make additional changes to check_security and SetupSecurity.
+    
+    client/
+        check_security.C
+        setprojectgrp.C
+    clientgui/
+        mac/
+            SetupSecurity.cpp

client/check_security.C

@@ -497,7 +497,7 @@ static int CheckNestedDirectories(char * basepath, int depth, int use_sandbox) {
 
         isDirectory = S_ISDIR(sbuf.st_mode);
 
-        if (!S_ISLNK(sbuf.st_mode)) {
+        if (!S_ISLNK(sbuf.st_mode)) {   // The system ignores ownership & permissions of symbolic links
             if (depth > 1)  {
                 // files and subdirectories created by projects may have owner boinc_master or boinc_project
                 if ( (sbuf.st_uid != boinc_master_uid) && (sbuf.st_uid != boinc_project_uid) ) {

client/setprojectgrp.C

@@ -29,10 +29,12 @@
 #include <grp.h>
 #include <stdio.h>
 #include <cerrno>
+#include <sys/stat.h>
 
 int main(int argc, char** argv) {
     gid_t       project_gid;
-    int         retval;
+    int         retval = 0;
+    struct stat sbuf;
     
     project_gid = getegid();
 
@@ -41,9 +43,21 @@ int main(int argc, char** argv) {
     fflush(stderr);
 #endif
 
-    retval = lchown(argv[1], (uid_t)-1, project_gid);
+    // chown() doesn't change ownershp of symbolic links; it follows the link and 
-    if (retval)
+    // changes the file is not available in OS 10.3.9.
-        fprintf(stderr, "lchown(%s, -1, %d) failed: errno=%d\n", argv[1], project_gid, errno);
+    //
-
+    // But we don't really need to worry about this, because the system ignores 
+    // ownership & permissions of symbolic links anyway.
+    //
+    // Also, the target of a symbolic link may not be present if the slot containing 
+    // the link is no longer in use.
+    //
+    if (lstat(argv[1], &sbuf) == 0) {
+        if (!S_ISLNK(sbuf.st_mode)) {
+            retval = chown(argv[1], (uid_t)-1, project_gid);
+            if (retval)
+                fprintf(stderr, "chown(%s, -1, %d) failed: errno=%d\n", argv[1], project_gid, errno);
+        }
+    }
     return retval;
 }

clientgui/mac/SetupSecurity.cpp

@@ -346,7 +346,7 @@ int SetBOINCDataOwnersGroupsAndPermissions() {
         // Set owner and group of projects directory's contents
         sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_project_group_name);
         // chown -R boinc_master:boinc_project "/Library/Application Support/BOINC Data/projects"
-        err = DoPrivilegedExec(chownPath, "-R", buf1, fullpath, NULL, NULL);
+        err = DoPrivilegedExec(chownPath, "-Rh", buf1, fullpath, NULL, NULL);
         if (err)
             return err;
 
@@ -391,7 +391,7 @@ int SetBOINCDataOwnersGroupsAndPermissions() {
         // Set owner and group of slots directory's contents
         sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_project_group_name);
         // chown -R boinc_master:boinc_project "/Library/Application Support/BOINC Data/slots"
-        err = DoPrivilegedExec(chownPath, "-R", buf1, fullpath, NULL, NULL);
+        err = DoPrivilegedExec(chownPath, "-Rh", buf1, fullpath, NULL, NULL);
         if (err)
             return err;