[3.5.x] Implemented safe_open() in order to avoid symlink race conditions. #1116
Conversation
It makes sure that we do not follow unsafe symlinks, that is a link that belongs to a user, but has a target owned by a different user. It does this in a way that avoids race conditions (between testing if a file is a link, and opening that file, there is a small window of opportunity). Also implements safe_chdir(), to also safeguard chdir() operations. Fixes issue cfengine#3693. (cherry picked from commit 995b9d1) Conflicts: cf-agent/files_editline.c cf-agent/verify_files.c cf-agent/verify_packages.c cf-execd/cf-execd-runner.c cf-key/cf-key-functions.c cf-serverd/server_common.c configure.ac libcfnet/client_code.c libpromises/cf3lex.l libpromises/env_context.c libpromises/parser.c libpromises/pipes_unix.c libpromises/sysinfo.c libpromises/verify_reports.c libutils/hashes.c tests/unit/Makefile.am
[3.5.x] Implemented safe_open() in order to avoid symlink race conditions.
|
Hi, the bug this fixes gives me a 403 error. Any chance of knowing what actual bug(s) this addresses? I don't necessarily need access to your internal tickets (although this is an open source project, it would make sense), but just a summary of what this fixes would be nice... Thanks... :) |
|
All the information you need should be there in the commit message. We don't want to follow symlinks owned by one user, pointing to resources owned by a different user. For example, imagine you are using CFEngine to edit |
It makes sure that we do not follow unsafe symlinks, that is a link
that belongs to a user, but has a target owned by a different user.
It does this in a way that avoids race conditions (between testing if
a file is a link, and opening that file, there is a small window of
opportunity).
Also implements safe_chdir(), to also safeguard chdir() operations.
Fixes issue #3693.
(cherry picked from commit 995b9d1)
Conflicts: