authorMichał Górny <mgorny@gentoo.org>2017-09-25 18:30:51 +0200
committerMichał Górny <mgorny@gentoo.org>2017-10-03 18:38:51 +0200
commit8212b2ac2b6384e290084da4d164a5771d5f410a (patch)
tree8b9ef32c07b8ef770b292e86094bb503a005d062
parentlibsandbox: do not abort with a long name to opendir (diff)
Remove no-longer-necessary symlink hack in ACL
Remove the hack supposedly responsible for making it possible to remove symbolic links to protected files. The hack was probably necessary back when the write check was performed on the fully resolved path. However, path resolution is currently no longer performed when the operation does not resolve symlinks, effectively making the hack redundant.
-rw-r--r--libsandbox/libsandbox.c40
1 files changed, 0 insertions, 40 deletions
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index de48bd7..e164dcf 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -794,46 +794,6 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func,
goto out;
}
- /* XXX: Hack to enable us to remove symlinks pointing to
- * protected stuff. First we make sure that the passed path
- * is writable, and if so, check if it's a symlink, and give
- * access only if the resolved path of the symlink's parent
- * also have write access. We also want to let through funcs
- * whose flags say they will operate on symlinks themselves
- * rather than dereferencing them.
- */
- if (sym_func) {
- /* Check if the symlink unresolved path have access */
- retval = check_prefixes(sbcontext->write_prefixes,
- sbcontext->num_write_prefixes, abs_path);
- if (1 == retval) { /* Does have write access on path */
- char *dname, *dname_buf, *rpath;
-
- dname_buf = xstrdup(abs_path);
- dname = dirname(dname_buf);
- /* Get symlink resolved path */
- rpath = resolve_path(dname, 1);
- free(dname_buf);
- if (NULL == rpath)
- /* Don't really worry here about
- * memory issues */
- goto unlink_hack_end;
-
- /* Now check if the symlink resolved path have access */
- retval = check_prefixes(sbcontext->write_prefixes,
- sbcontext->num_write_prefixes,
- rpath);
- free(rpath);
- if (1 == retval) {
- /* Does have write access on path, so
- * enable the hack as it is a symlink */
- result = 1;
- goto out;
- }
- }
- }
- unlink_hack_end: ;
-
/* Hack to allow writing to '/proc/self/fd' #91516. It needs
* to be here as for each process, the '/proc/self' symlink
* will differ ...