Browse files

tmpfiles: don't resolve pathnames when traversing recursively through…

… directory trees

Otherwise we can be fooled if one path component is replaced underneath us.

The patch achieves that by always operating at file descriptor level (by using
*at() helpers) and by making sure we do not any path resolution when traversing
direcotry trees.

However this is not always possible, for instance when listing the content of a
directory or some operations don't provide the *at() helpers or others (such as
fchmodat()) don't have the AT_EMPTY_PATH flag. In such cases we operate on
/proc/self/fd/%i pseudo-symlink instead, which works the same for all kinds of
objects and requires no checking of type beforehand.

Also O_PATH flag is used when opening file objects in order to prevent
undesired behaviors: device nodes from reacting, automounts from
triggering, etc...

Fixes: #7986
Fixes: CVE-2018-6954
  • Loading branch information...
fbuihuu committed Mar 2, 2018
1 parent 56114d4 commit 936f6bdb803c432578e2cdcc5f93f3bfff93aff0
Showing with 239 additions and 124 deletions.
  1. +239 −124 src/tmpfiles/tmpfiles.c
Oops, something went wrong.

0 comments on commit 936f6bd

Please sign in to comment.