From 4c47cfa22802fd8201586bef233d8161df4ff61b Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Fri, 10 Mar 2017 10:15:50 -0800 Subject: libsandbox: whitelist renameat/symlinkat as symlink funcs These funcs don't deref their path args, so flag them as such. URL: https://bugs.gentoo.org/612202 Signed-off-by: Mike Frysinger --- libsandbox/libsandbox.c | 4 +++- tests/renameat-2.sh | 12 ++++++++++++ tests/renameat-3.sh | 11 +++++++++++ tests/renameat.at | 2 ++ tests/symlinkat-2.sh | 10 ++++++++++ tests/symlinkat-3.sh | 9 +++++++++ tests/symlinkat.at | 2 ++ 7 files changed, 49 insertions(+), 1 deletion(-) create mode 100755 tests/renameat-2.sh create mode 100755 tests/renameat-3.sh create mode 100755 tests/symlinkat-2.sh create mode 100755 tests/symlinkat-3.sh diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c index e809308..de48bd7 100644 --- a/libsandbox/libsandbox.c +++ b/libsandbox/libsandbox.c @@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path) sb_nr == SB_NR_LCHOWN || sb_nr == SB_NR_REMOVE || sb_nr == SB_NR_RENAME || + sb_nr == SB_NR_RENAMEAT || sb_nr == SB_NR_RMDIR || - sb_nr == SB_NR_SYMLINK)) + sb_nr == SB_NR_SYMLINK || + sb_nr == SB_NR_SYMLINKAT)) { /* These funcs sometimes operate on symlinks */ if (!((sb_nr == SB_NR_FCHOWNAT || diff --git a/tests/renameat-2.sh b/tests/renameat-2.sh new file mode 100755 index 0000000..d0fbe8a --- /dev/null +++ b/tests/renameat-2.sh @@ -0,0 +1,12 @@ +#!/bin/sh +# make sure we can clobber symlinks #612202 + +addwrite $PWD + +ln -s /asdf sym || exit 1 +touch file +renameat-0 0 AT_FDCWD file AT_FDCWD sym || exit 1 +[ ! -e file ] +[ ! -L sym ] +[ -e sym ] +test ! -s "${SANDBOX_LOG}" diff --git a/tests/renameat-3.sh b/tests/renameat-3.sh new file mode 100755 index 0000000..9ae5c9a --- /dev/null +++ b/tests/renameat-3.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# make sure we reject bad renames #612202 + +addwrite $PWD +mkdir deny +adddeny $PWD/deny + +touch file +renameat-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file || exit 1 +[ -e file ] +test -s "${SANDBOX_LOG}" diff --git a/tests/renameat.at b/tests/renameat.at index 081d7d2..eec4638 100644 --- a/tests/renameat.at +++ b/tests/renameat.at @@ -1 +1,3 @@ SB_CHECK(1) +SB_CHECK(2) +SB_CHECK(3) diff --git a/tests/symlinkat-2.sh b/tests/symlinkat-2.sh new file mode 100755 index 0000000..168362e --- /dev/null +++ b/tests/symlinkat-2.sh @@ -0,0 +1,10 @@ +#!/bin/sh +# make sure we can clobber symlinks #612202 + +addwrite $PWD + +symlinkat-0 0 /asdf AT_FDCWD ./sym || exit 1 +[ -L sym ] +symlinkat-0 -1,EEXIST /asdf AT_FDCWD ./sym || exit 1 +[ -L sym ] +test ! -s "${SANDBOX_LOG}" diff --git a/tests/symlinkat-3.sh b/tests/symlinkat-3.sh new file mode 100755 index 0000000..a01c750 --- /dev/null +++ b/tests/symlinkat-3.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# make sure we reject bad symlinks #612202 + +addwrite $PWD +mkdir deny +adddeny $PWD/deny + +symlinkat-0 -1,EACCES ./ AT_FDCWD deny/sym || exit 1 +test -s "${SANDBOX_LOG}" diff --git a/tests/symlinkat.at b/tests/symlinkat.at index 081d7d2..eec4638 100644 --- a/tests/symlinkat.at +++ b/tests/symlinkat.at @@ -1 +1,3 @@ SB_CHECK(1) +SB_CHECK(2) +SB_CHECK(3) -- cgit v1.2.3