| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125 |
- From 4c47cfa22802fd8201586bef233d8161df4ff61b Mon Sep 17 00:00:00 2001
- From: Mike Frysinger <vapier@gentoo.org>
- Date: Fri, 10 Mar 2017 10:15:50 -0800
- Subject: [PATCH] libsandbox: whitelist renameat/symlinkat as symlink funcs
- These funcs don't deref their path args, so flag them as such.
- URL: https://bugs.gentoo.org/612202
- Signed-off-by: Mike Frysinger <vapier@gentoo.org>
- ---
- libsandbox/libsandbox.c | 4 +++-
- tests/renameat-2.sh | 12 ++++++++++++
- tests/renameat-3.sh | 11 +++++++++++
- tests/renameat.at | 2 ++
- tests/symlinkat-2.sh | 10 ++++++++++
- tests/symlinkat-3.sh | 9 +++++++++
- tests/symlinkat.at | 2 ++
- 7 files changed, 49 insertions(+), 1 deletion(-)
- create mode 100755 tests/renameat-2.sh
- create mode 100755 tests/renameat-3.sh
- create mode 100755 tests/symlinkat-2.sh
- create mode 100755 tests/symlinkat-3.sh
- diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
- index e809308d717d..de48bd79ba53 100644
- --- a/libsandbox/libsandbox.c
- +++ b/libsandbox/libsandbox.c
- @@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path)
- sb_nr == SB_NR_LCHOWN ||
- sb_nr == SB_NR_REMOVE ||
- sb_nr == SB_NR_RENAME ||
- + sb_nr == SB_NR_RENAMEAT ||
- sb_nr == SB_NR_RMDIR ||
- - sb_nr == SB_NR_SYMLINK))
- + sb_nr == SB_NR_SYMLINK ||
- + sb_nr == SB_NR_SYMLINKAT))
- {
- /* These funcs sometimes operate on symlinks */
- if (!((sb_nr == SB_NR_FCHOWNAT ||
- diff --git a/tests/renameat-2.sh b/tests/renameat-2.sh
- new file mode 100755
- index 000000000000..d0fbe8ae4574
- --- /dev/null
- +++ b/tests/renameat-2.sh
- @@ -0,0 +1,12 @@
- +#!/bin/sh
- +# make sure we can clobber symlinks #612202
- +
- +addwrite $PWD
- +
- +ln -s /asdf sym || exit 1
- +touch file
- +renameat-0 0 AT_FDCWD file AT_FDCWD sym || exit 1
- +[ ! -e file ]
- +[ ! -L sym ]
- +[ -e sym ]
- +test ! -s "${SANDBOX_LOG}"
- diff --git a/tests/renameat-3.sh b/tests/renameat-3.sh
- new file mode 100755
- index 000000000000..9ae5c9a6511a
- --- /dev/null
- +++ b/tests/renameat-3.sh
- @@ -0,0 +1,11 @@
- +#!/bin/sh
- +# make sure we reject bad renames #612202
- +
- +addwrite $PWD
- +mkdir deny
- +adddeny $PWD/deny
- +
- +touch file
- +renameat-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file || exit 1
- +[ -e file ]
- +test -s "${SANDBOX_LOG}"
- diff --git a/tests/renameat.at b/tests/renameat.at
- index 081d7d20277e..eec4638deeaa 100644
- --- a/tests/renameat.at
- +++ b/tests/renameat.at
- @@ -1 +1,3 @@
- SB_CHECK(1)
- +SB_CHECK(2)
- +SB_CHECK(3)
- diff --git a/tests/symlinkat-2.sh b/tests/symlinkat-2.sh
- new file mode 100755
- index 000000000000..168362e8806f
- --- /dev/null
- +++ b/tests/symlinkat-2.sh
- @@ -0,0 +1,10 @@
- +#!/bin/sh
- +# make sure we can clobber symlinks #612202
- +
- +addwrite $PWD
- +
- +symlinkat-0 0 /asdf AT_FDCWD ./sym || exit 1
- +[ -L sym ]
- +symlinkat-0 -1,EEXIST /asdf AT_FDCWD ./sym || exit 1
- +[ -L sym ]
- +test ! -s "${SANDBOX_LOG}"
- diff --git a/tests/symlinkat-3.sh b/tests/symlinkat-3.sh
- new file mode 100755
- index 000000000000..a01c750dd2b6
- --- /dev/null
- +++ b/tests/symlinkat-3.sh
- @@ -0,0 +1,9 @@
- +#!/bin/sh
- +# make sure we reject bad symlinks #612202
- +
- +addwrite $PWD
- +mkdir deny
- +adddeny $PWD/deny
- +
- +symlinkat-0 -1,EACCES ./ AT_FDCWD deny/sym || exit 1
- +test -s "${SANDBOX_LOG}"
- diff --git a/tests/symlinkat.at b/tests/symlinkat.at
- index 081d7d20277e..eec4638deeaa 100644
- --- a/tests/symlinkat.at
- +++ b/tests/symlinkat.at
- @@ -1 +1,3 @@
- SB_CHECK(1)
- +SB_CHECK(2)
- +SB_CHECK(3)
- --
- 2.12.0
|
