diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2009-03-08 07:14:17 -0400 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2009-03-08 08:47:05 -0400 |
| commit | 7b0b914b4ea0e594867bad91fe1aaffa0c21d87b (patch) | |
| tree | a0cbb36e49c17f91017c75c1c9b2e0cc80a1f53e /libsandbox/wrapper-funcs | |
| parent | libsandbox: push errno save/restore down in openat() (diff) | |
| download | sandbox-7b0b914b4ea0e594867bad91fe1aaffa0c21d87b.tar.gz sandbox-7b0b914b4ea0e594867bad91fe1aaffa0c21d87b.tar.bz2 sandbox-7b0b914b4ea0e594867bad91fe1aaffa0c21d87b.zip | |
libsandbox: handle symlinks properly
Make sure we handle edge cases that involve symlinks and functions that
operate on symlinks. This includes newer style *at functions that can go
between operating on symlinks and operating on the linked files, and on
symlinks to files that live in explicitly denied paths.
URL: http://bugs.gentoo.org/254914
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Mike Auty <ikelos@gentoo.org>
Diffstat (limited to 'libsandbox/wrapper-funcs')
| -rw-r--r-- | libsandbox/wrapper-funcs/fchmodat.c | 2 | ||||
| -rw-r--r-- | libsandbox/wrapper-funcs/fchownat.c | 2 | ||||
| -rw-r--r-- | libsandbox/wrapper-funcs/futimesat.c | 2 | ||||
| -rw-r--r-- | libsandbox/wrapper-funcs/linkat.c | 2 | ||||
| -rw-r--r-- | libsandbox/wrapper-funcs/mkdirat.c | 2 | ||||
| -rw-r--r-- | libsandbox/wrapper-funcs/mkfifoat.c | 2 | ||||
| -rw-r--r-- | libsandbox/wrapper-funcs/mknodat.c | 2 | ||||
| -rw-r--r-- | libsandbox/wrapper-funcs/renameat.c | 2 | ||||
| -rw-r--r-- | libsandbox/wrapper-funcs/symlinkat.c | 2 | ||||
| -rw-r--r-- | libsandbox/wrapper-funcs/unlinkat.c | 2 | ||||
| -rw-r--r-- | libsandbox/wrapper-funcs/utimensat.c | 2 |
11 files changed, 11 insertions, 11 deletions
diff --git a/libsandbox/wrapper-funcs/fchmodat.c b/libsandbox/wrapper-funcs/fchmodat.c index a548cbc..31b4b80 100644 --- a/libsandbox/wrapper-funcs/fchmodat.c +++ b/libsandbox/wrapper-funcs/fchmodat.c @@ -7,5 +7,5 @@ #define WRAPPER_ARGS_PROTO int dirfd, const char *path, mode_t mode, int flags #define WRAPPER_ARGS dirfd, path, mode, flags -#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, path) +#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, path, flags) #include "__wrapper_simple.c" diff --git a/libsandbox/wrapper-funcs/fchownat.c b/libsandbox/wrapper-funcs/fchownat.c index a4f15f1..01983a4 100644 --- a/libsandbox/wrapper-funcs/fchownat.c +++ b/libsandbox/wrapper-funcs/fchownat.c @@ -7,5 +7,5 @@ #define WRAPPER_ARGS_PROTO int dirfd, const char *path, uid_t owner, gid_t group, int flags #define WRAPPER_ARGS dirfd, path, owner, group, flags -#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, path) +#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, path, flags) #include "__wrapper_simple.c" diff --git a/libsandbox/wrapper-funcs/futimesat.c b/libsandbox/wrapper-funcs/futimesat.c index c66d442..d4724ee 100644 --- a/libsandbox/wrapper-funcs/futimesat.c +++ b/libsandbox/wrapper-funcs/futimesat.c @@ -7,5 +7,5 @@ #define WRAPPER_ARGS_PROTO int dirfd, const char *filename, const struct timeval times[] #define WRAPPER_ARGS dirfd, filename, times -#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, filename) +#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, filename, 0) #include "__wrapper_simple.c" diff --git a/libsandbox/wrapper-funcs/linkat.c b/libsandbox/wrapper-funcs/linkat.c index 819adb6..b177119 100644 --- a/libsandbox/wrapper-funcs/linkat.c +++ b/libsandbox/wrapper-funcs/linkat.c @@ -7,5 +7,5 @@ #define WRAPPER_ARGS_PROTO int olddirfd, const char *oldpath, int newdirfd, const char *newpath, int flags #define WRAPPER_ARGS olddirfd, oldpath, newdirfd, newpath, flags -#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(newdirfd, newpath) +#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(newdirfd, newpath, flags) #include "__wrapper_simple.c" diff --git a/libsandbox/wrapper-funcs/mkdirat.c b/libsandbox/wrapper-funcs/mkdirat.c index 82ae34d..7d89c6a 100644 --- a/libsandbox/wrapper-funcs/mkdirat.c +++ b/libsandbox/wrapper-funcs/mkdirat.c @@ -8,7 +8,7 @@ #ifndef WRAPPER_ARGS_PROTO /* let mkdir() use us */ # define WRAPPER_ARGS_PROTO int dirfd, const char *pathname, mode_t mode # define WRAPPER_ARGS dirfd, pathname, mode -# define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, pathname) +# define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, pathname, 0) #endif static inline bool sb_mkdirat_pre_check(WRAPPER_ARGS_PROTO) diff --git a/libsandbox/wrapper-funcs/mkfifoat.c b/libsandbox/wrapper-funcs/mkfifoat.c index fe1b8e9..06479c5 100644 --- a/libsandbox/wrapper-funcs/mkfifoat.c +++ b/libsandbox/wrapper-funcs/mkfifoat.c @@ -7,5 +7,5 @@ #define WRAPPER_ARGS_PROTO int dirfd, const char *pathname, mode_t mode #define WRAPPER_ARGS dirfd, pathname, mode -#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, pathname) +#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, pathname, 0) #include "__wrapper_simple.c" diff --git a/libsandbox/wrapper-funcs/mknodat.c b/libsandbox/wrapper-funcs/mknodat.c index 50a235e..53f29cf 100644 --- a/libsandbox/wrapper-funcs/mknodat.c +++ b/libsandbox/wrapper-funcs/mknodat.c @@ -7,5 +7,5 @@ #define WRAPPER_ARGS_PROTO int dirfd, const char *pathname, mode_t mode, dev_t dev #define WRAPPER_ARGS dirfd, pathname, mode, dev -#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, pathname) +#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, pathname, 0) #include "__wrapper_simple.c" diff --git a/libsandbox/wrapper-funcs/renameat.c b/libsandbox/wrapper-funcs/renameat.c index 951fea1..84a9aba 100644 --- a/libsandbox/wrapper-funcs/renameat.c +++ b/libsandbox/wrapper-funcs/renameat.c @@ -7,5 +7,5 @@ #define WRAPPER_ARGS_PROTO int olddirfd, const char *oldpath, int newdirfd, const char *newpath #define WRAPPER_ARGS olddirfd, oldpath, newdirfd, newpath -#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(olddirfd, oldpath) && FUNCTION_SANDBOX_SAFE_AT(newdirfd, newpath) +#define WRAPPER_SAFE() (FUNCTION_SANDBOX_SAFE_AT(olddirfd, oldpath, 0) && FUNCTION_SANDBOX_SAFE_AT(newdirfd, newpath, 0)) #include "__wrapper_simple.c" diff --git a/libsandbox/wrapper-funcs/symlinkat.c b/libsandbox/wrapper-funcs/symlinkat.c index 30c8db9..e54128b 100644 --- a/libsandbox/wrapper-funcs/symlinkat.c +++ b/libsandbox/wrapper-funcs/symlinkat.c @@ -7,5 +7,5 @@ #define WRAPPER_ARGS_PROTO const char *oldpath, int newdirfd, const char *newpath #define WRAPPER_ARGS oldpath, newdirfd, newpath -#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(newdirfd, newpath) +#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(newdirfd, newpath, 0) #include "__wrapper_simple.c" diff --git a/libsandbox/wrapper-funcs/unlinkat.c b/libsandbox/wrapper-funcs/unlinkat.c index 8c57f48..ddbbaf6 100644 --- a/libsandbox/wrapper-funcs/unlinkat.c +++ b/libsandbox/wrapper-funcs/unlinkat.c @@ -8,7 +8,7 @@ #ifndef WRAPPER_ARGS_PROTO /* let unlink() use us */ # define WRAPPER_ARGS_PROTO int dirfd, const char *pathname, int flags # define WRAPPER_ARGS dirfd, pathname, flags -# define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, pathname) +# define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, pathname, flags) #endif static inline bool sb_unlinkat_pre_check(WRAPPER_ARGS_PROTO) diff --git a/libsandbox/wrapper-funcs/utimensat.c b/libsandbox/wrapper-funcs/utimensat.c index 54346f7..8a096ba 100644 --- a/libsandbox/wrapper-funcs/utimensat.c +++ b/libsandbox/wrapper-funcs/utimensat.c @@ -7,5 +7,5 @@ #define WRAPPER_ARGS_PROTO int dirfd, const char *filename, const struct timespec times[], int flags #define WRAPPER_ARGS dirfd, filename, times, flags -#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, filename) +#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE_AT(dirfd, filename, flags) #include "__wrapper_simple.c" |