Google Git
Sign in
cos / third_party / overlays / chromiumos-overlay / a0e5a54766f01c712dbfdcd4758943aa890cb4bb / . / sys-apps / sandbox / files / sandbox-2.11-allowlist-renameat-symlinkat-as-symlink-f.patch
blob: 8cdfab8d956ad75e1a11ff9042bab262f45aa5dd [file] [log] [blame]
From 4c47cfa22802fd8201586bef233d8161df4ff61b Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Fri, 10 Mar 2017 10:15:50 -0800
Subject: [PATCH] libsandbox: whitelist renameat/symlinkat as symlink funcs
These funcs don't deref their path args, so flag them as such.
URL: https://bugs.gentoo.org/612202
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
---
libsandbox/libsandbox.c | 4 +++-
tests/renameat-2.sh | 12 ++++++++++++
tests/renameat-3.sh | 11 +++++++++++
tests/renameat.at | 2 ++
tests/symlinkat-2.sh | 10 ++++++++++
tests/symlinkat-3.sh | 9 +++++++++
tests/symlinkat.at | 2 ++
7 files changed, 49 insertions(+), 1 deletion(-)
create mode 100755 tests/renameat-2.sh
create mode 100755 tests/renameat-3.sh
create mode 100755 tests/symlinkat-2.sh
create mode 100755 tests/symlinkat-3.sh
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index e809308..de48bd7 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path)
sb_nr == SB_NR_LCHOWN ||
sb_nr == SB_NR_REMOVE ||
sb_nr == SB_NR_RENAME ||
+ sb_nr == SB_NR_RENAMEAT ||
sb_nr == SB_NR_RMDIR ||
- sb_nr == SB_NR_SYMLINK))
+ sb_nr == SB_NR_SYMLINK ||
+ sb_nr == SB_NR_SYMLINKAT))
{
/* These funcs sometimes operate on symlinks */
if (!((sb_nr == SB_NR_FCHOWNAT ||
diff --git a/tests/renameat-2.sh b/tests/renameat-2.sh
new file mode 100755
index 0000000..d0fbe8a
--- /dev/null
+++ b/tests/renameat-2.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# make sure we can clobber symlinks #612202
+
+addwrite $PWD
+
+ln -s /asdf sym || exit 1
+touch file
+renameat-0 0 AT_FDCWD file AT_FDCWD sym || exit 1
+[ ! -e file ]
+[ ! -L sym ]
+[ -e sym ]
+test ! -s "${SANDBOX_LOG}"
diff --git a/tests/renameat-3.sh b/tests/renameat-3.sh
new file mode 100755
index 0000000..9ae5c9a
--- /dev/null
+++ b/tests/renameat-3.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+# make sure we reject bad renames #612202
+
+addwrite $PWD
+mkdir deny
+adddeny $PWD/deny
+
+touch file
+renameat-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file || exit 1
+[ -e file ]
+test -s "${SANDBOX_LOG}"
diff --git a/tests/renameat.at b/tests/renameat.at
index 081d7d2..eec4638 100644
--- a/tests/renameat.at
+++ b/tests/renameat.at
@@ -1 +1,3 @@
SB_CHECK(1)
+SB_CHECK(2)
+SB_CHECK(3)
diff --git a/tests/symlinkat-2.sh b/tests/symlinkat-2.sh
new file mode 100755
index 0000000..168362e
--- /dev/null
+++ b/tests/symlinkat-2.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+# make sure we can clobber symlinks #612202
+
+addwrite $PWD
+
+symlinkat-0 0 /asdf AT_FDCWD ./sym || exit 1
+[ -L sym ]
+symlinkat-0 -1,EEXIST /asdf AT_FDCWD ./sym || exit 1
+[ -L sym ]
+test ! -s "${SANDBOX_LOG}"
diff --git a/tests/symlinkat-3.sh b/tests/symlinkat-3.sh
new file mode 100755
index 0000000..a01c750
--- /dev/null
+++ b/tests/symlinkat-3.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+# make sure we reject bad symlinks #612202
+
+addwrite $PWD
+mkdir deny
+adddeny $PWD/deny
+
+symlinkat-0 -1,EACCES ./ AT_FDCWD deny/sym || exit 1
+test -s "${SANDBOX_LOG}"
diff --git a/tests/symlinkat.at b/tests/symlinkat.at
index 081d7d2..eec4638 100644
--- a/tests/symlinkat.at
+++ b/tests/symlinkat.at
@@ -1 +1,3 @@
SB_CHECK(1)
+SB_CHECK(2)
+SB_CHECK(3)
--
2.30.0