tmpfiles: use CHASE_WARN in addition to CHASE_SAFE

and let's emit a more comprehensive warning when an unsafe transition is
encountered.

Before this patch:

 Unsafe symlinks encountered in /run/nrpe, refusing.

After:

 Detected unsafe path transition / → /run during canonicalization of /run/nrpe.
Franck Bui 2018-11-28 16:09:16 +01:00
parent 36c97decbe
commit 7f0704da94
1 changed files with 4 additions and 8 deletions


@ -861,10 +861,8 @@ static int path_open_parent_safe(const char *path) {
if (!dn)
return log_oom();
fd = chase_symlinks(dn, NULL, CHASE_OPEN|CHASE_SAFE, NULL);
if (fd == -ENOLINK)
return log_error_errno(fd, "Unsafe symlinks encountered in %s, refusing.", path);
if (fd < 0)
fd = chase_symlinks(dn, NULL, CHASE_OPEN|CHASE_SAFE|CHASE_WARN, NULL);
if (fd < 0 && fd != -ENOLINK)
return log_error_errno(fd, "Failed to validate path %s: %m", path);
return fd;
@ -884,10 +882,8 @@ static int path_open_safe(const char *path) {
"Failed to open invalid path '%s'.",
path);
fd = chase_symlinks(path, NULL, CHASE_OPEN|CHASE_SAFE|CHASE_NOFOLLOW, NULL);
if (fd == -ENOLINK)
return log_error_errno(fd, "Unsafe symlinks encountered in %s, refusing.", path);
if (fd < 0)
fd = chase_symlinks(path, NULL, CHASE_OPEN|CHASE_SAFE|CHASE_WARN|CHASE_NOFOLLOW, NULL);
if (fd < 0 && fd != -ENOLINK)
return log_error_errno(fd, "Failed to validate path %s: %m", path);
return fd;
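Review bot: The `fd != -ENOLINK` exclusion in path_open_parent_safe(), and the identical one in path_open_safe(), makes the unsafe-transition case return without logging anything locally. The refusal therefore stays diagnosable only if chase_symlinks() always logs when CHASE_WARN is set and it returns -ENOLINK, and nothing in the visible lines states that dependency. I would add a comment above each check, e.g. `/* -ENOLINK: unsafe path transition, already logged by chase_symlinks() because of CHASE_WARN */`. Going by the commit message, the refusal is now reported as a warning with different wording, so log monitoring that keyed on the old "Unsafe symlinks encountered" error would need to match the new "Detected unsafe path transition" text. Both function bodies start outside the hunks, so how callers handle the returned -ENOLINK is not visible here.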