picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fs-util: exempt root prefix directories from UID checks 

When chase_symlinks is given a root path, it is assumed that all
processed symlinks are restricted under that path.  It should not
be necessary to verify components of that prefix path since they
are not relevant to the symlinks.

This change skips unsafe UID transitions in this root prefix, i.e.
it now ignores when an unprivileged user's directory contains a
root-owned directory above the symlink root.
This commit is contained in:
David Michael 2019-02-25 13:18:30 -05:00
parent 8e4fbe3f2d
commit cc14a6c011
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/basic/fs-util.c
View File

@ -926,6 +926,7 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
if (fstat(child, &st) < 0)
return -errno;
if ((flags & CHASE_SAFE) &&
(empty_or_root(root) || (size_t)(todo - buffer) > strlen(root)) &&
unsafe_transition(&previous_stat, &st))
return log_unsafe_transition(fd, child, path, flags);