Skip to content
Browse files

do more checks on packages.list

Change-Id: I16d6eab5e674c860be915fde2da7877994bed314
  • Loading branch information...
1 parent a8185a6 commit 4ae77160727f8b92d61028269d1f49ae16873a08 Nick Kralevich committed Feb 9, 2012
Showing with 10 additions and 0 deletions.
  1. +10 −0 run-as/package.c
View
10 run-as/package.c
@@ -89,6 +89,16 @@ map_file(const char* filename, size_t* filesize)
if (ret < 0)
goto EXIT;
+ /* Ensure that the file is owned by the system user */
+ if ((st.st_uid != AID_SYSTEM) || (st.st_gid != AID_SYSTEM)) {
+ goto EXIT;
+ }
+
+ /* Ensure that the file has sane permissions */
+ if ((st.st_mode & S_IWOTH) != 0) {
+ goto EXIT;
+ }
+
/* Ensure that the size is not ridiculously large */
length = (size_t)st.st_size;
if ((off_t)length != st.st_size) {

0 comments on commit 4ae7716

Please sign in to comment.
Something went wrong with that request. Please try again.