936f6bdb80
Otherwise we can be fooled if one path component is replaced underneath us. The patch achieves that by always operating at file descriptor level (by using *at() helpers) and by making sure we do not any path resolution when traversing direcotry trees. However this is not always possible, for instance when listing the content of a directory or some operations don't provide the *at() helpers or others (such as fchmodat()) don't have the AT_EMPTY_PATH flag. In such cases we operate on /proc/self/fd/%i pseudo-symlink instead, which works the same for all kinds of objects and requires no checking of type beforehand. Also O_PATH flag is used when opening file objects in order to prevent undesired behaviors: device nodes from reacting, automounts from triggering, etc... Fixes: #7986 Fixes: CVE-2018-6954 |
||
---|---|---|
.. | ||
tmpfiles.c |