| From 4c47cfa22802fd8201586bef233d8161df4ff61b Mon Sep 17 00:00:00 2001 |
| From: Mike Frysinger <vapier@gentoo.org> |
| Date: Fri, 10 Mar 2017 10:15:50 -0800 |
| Subject: [PATCH] libsandbox: whitelist renameat/symlinkat as symlink funcs |
| |
| These funcs don't deref their path args, so flag them as such. |
| |
| URL: https://bugs.gentoo.org/612202 |
| Signed-off-by: Mike Frysinger <vapier@gentoo.org> |
| --- |
| libsandbox/libsandbox.c | 4 +++- |
| tests/renameat-2.sh | 12 ++++++++++++ |
| tests/renameat-3.sh | 11 +++++++++++ |
| tests/renameat.at | 2 ++ |
| tests/symlinkat-2.sh | 10 ++++++++++ |
| tests/symlinkat-3.sh | 9 +++++++++ |
| tests/symlinkat.at | 2 ++ |
| 7 files changed, 49 insertions(+), 1 deletion(-) |
| create mode 100755 tests/renameat-2.sh |
| create mode 100755 tests/renameat-3.sh |
| create mode 100755 tests/symlinkat-2.sh |
| create mode 100755 tests/symlinkat-3.sh |
| |
| diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c |
| index e809308..de48bd7 100644 |
| --- a/libsandbox/libsandbox.c |
| +++ b/libsandbox/libsandbox.c |
| @@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path) |
| sb_nr == SB_NR_LCHOWN || |
| sb_nr == SB_NR_REMOVE || |
| sb_nr == SB_NR_RENAME || |
| + sb_nr == SB_NR_RENAMEAT || |
| sb_nr == SB_NR_RMDIR || |
| - sb_nr == SB_NR_SYMLINK)) |
| + sb_nr == SB_NR_SYMLINK || |
| + sb_nr == SB_NR_SYMLINKAT)) |
| { |
| /* These funcs sometimes operate on symlinks */ |
| if (!((sb_nr == SB_NR_FCHOWNAT || |
| diff --git a/tests/renameat-2.sh b/tests/renameat-2.sh |
| new file mode 100755 |
| index 0000000..d0fbe8a |
| --- /dev/null |
| +++ b/tests/renameat-2.sh |
| @@ -0,0 +1,12 @@ |
| +#!/bin/sh |
| +# make sure we can clobber symlinks #612202 |
| + |
| +addwrite $PWD |
| + |
| +ln -s /asdf sym || exit 1 |
| +touch file |
| +renameat-0 0 AT_FDCWD file AT_FDCWD sym || exit 1 |
| +[ ! -e file ] |
| +[ ! -L sym ] |
| +[ -e sym ] |
| +test ! -s "${SANDBOX_LOG}" |
| diff --git a/tests/renameat-3.sh b/tests/renameat-3.sh |
| new file mode 100755 |
| index 0000000..9ae5c9a |
| --- /dev/null |
| +++ b/tests/renameat-3.sh |
| @@ -0,0 +1,11 @@ |
| +#!/bin/sh |
| +# make sure we reject bad renames #612202 |
| + |
| +addwrite $PWD |
| +mkdir deny |
| +adddeny $PWD/deny |
| + |
| +touch file |
| +renameat-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file || exit 1 |
| +[ -e file ] |
| +test -s "${SANDBOX_LOG}" |
| diff --git a/tests/renameat.at b/tests/renameat.at |
| index 081d7d2..eec4638 100644 |
| --- a/tests/renameat.at |
| +++ b/tests/renameat.at |
| @@ -1 +1,3 @@ |
| SB_CHECK(1) |
| +SB_CHECK(2) |
| +SB_CHECK(3) |
| diff --git a/tests/symlinkat-2.sh b/tests/symlinkat-2.sh |
| new file mode 100755 |
| index 0000000..168362e |
| --- /dev/null |
| +++ b/tests/symlinkat-2.sh |
| @@ -0,0 +1,10 @@ |
| +#!/bin/sh |
| +# make sure we can clobber symlinks #612202 |
| + |
| +addwrite $PWD |
| + |
| +symlinkat-0 0 /asdf AT_FDCWD ./sym || exit 1 |
| +[ -L sym ] |
| +symlinkat-0 -1,EEXIST /asdf AT_FDCWD ./sym || exit 1 |
| +[ -L sym ] |
| +test ! -s "${SANDBOX_LOG}" |
| diff --git a/tests/symlinkat-3.sh b/tests/symlinkat-3.sh |
| new file mode 100755 |
| index 0000000..a01c750 |
| --- /dev/null |
| +++ b/tests/symlinkat-3.sh |
| @@ -0,0 +1,9 @@ |
| +#!/bin/sh |
| +# make sure we reject bad symlinks #612202 |
| + |
| +addwrite $PWD |
| +mkdir deny |
| +adddeny $PWD/deny |
| + |
| +symlinkat-0 -1,EACCES ./ AT_FDCWD deny/sym || exit 1 |
| +test -s "${SANDBOX_LOG}" |
| diff --git a/tests/symlinkat.at b/tests/symlinkat.at |
| index 081d7d2..eec4638 100644 |
| --- a/tests/symlinkat.at |
| +++ b/tests/symlinkat.at |
| @@ -1 +1,3 @@ |
| SB_CHECK(1) |
| +SB_CHECK(2) |
| +SB_CHECK(3) |
| -- |
| 2.30.0 |
| |