Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 31019 - sandbox doesn't follow the symlinks
Summary: sandbox doesn't follow the symlinks
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Unclassified (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Portage team
URL:
Whiteboard:
Keywords: Inclusion
Depends on:
Blocks:
 
Reported: 2003-10-13 01:53 UTC by Andrea Luzzardi
Modified: 2011-10-30 22:18 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
makes sandbox follow symlinks (sandbox_follow_symlinks.patch,1.80 KB, patch)
2003-10-13 01:56 UTC, Andrea Luzzardi 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrea Luzzardi 2003-10-13 01:53:40 UTC 
the sandbox doesn't follow symlinks to check whether or not the path is inside or outside the sandbox.
e.g.:
"echo test >> /etc/passwd" will not work, but :
"ln -s /etc/passwd . && echo hello >> passwd" will.

Beside direct links, the parent directories aren't resolved too: 
"ln -s / root" will give you full access to the system through "root/" 
(e.g. "ln -s / root && rm root/etc/passwd" will work).

I've made a patch which will resolve parent directories to check where the file
is really located. It'll also check if the file itself is a symlink, but only for open_wr (as you should be able to remove, rename, etc your symlink).
Comment 1 Andrea Luzzardi 2003-10-13 01:56:49 UTC 
Created attachment 19166 [details, diff]
makes sandbox follow symlinks

This patch will make sandbox follow symlinks. 
In short: if you "ln -s / root", and you do an operation inside root/, 
it'll replace "root/" by "/", and then it'll check if you have the 
correct permissions. If you "ln -s /etc/passwd .", and if you try to	
"echo something >> passwd", it'll see "passwd" is a symlink, and it'll	
deny the open_wr (but you'd still able to do others operations such as 
remove on your symlink).
Please not this patch has been made quickly, and it could be buggy.
Comment 2 SpanKY gentoo-dev 2003-10-13 06:48:49 UTC 
i also encounted this test case ... i wonder if your patch fixes it ...

cd /tmp
mkdir -p realdir/foo/bar
ln -s symdir realdir
cd symdir
<load up sandbox and setup write access for /tmp/symdir only>
cd foo/bar
touch f
<you get an error now about not being able to write /tmp/realdir/foo/bar/f>
Comment 3 Martin Schlemmer (RETIRED) gentoo-dev 2003-10-14 12:18:54 UTC 
I know about this issue, and its actually my doing.  I will explain later
on
why, as plugging it 100% will make things break, I am just currently a bit
swamped.
Comment 4 Student 2003-12-11 02:03:44 UTC 
Another side to this is that sandbox blocks the following sort of thing:

I create a partition and mount it on /portage.
I create the directories tmp, usr and usr.lib in /portage.
Then I link /usr/portage to /portage/usr, /var/tmp/portage to /portage/tmp etc.

Now, I get a sandbox violation when trying to compile most things.

I want to keep portage stuff separately so that when I run out of disk space, due to a big compile (I now have portage on a bigger partition) I don't risk losing e-mail or other var stuff.  

It really would be nice to be able to isolate all the "control" stuff to another filesystem, especially since it makes mounting /usr ro easier and you can still update the portage data, and check whether there are any important updates before remounting rw.
Comment 5 Martin Schlemmer (RETIRED) gentoo-dev 2003-12-13 05:09:57 UTC 
mount --bind them ?
Comment 6 Martin Schlemmer (RETIRED) gentoo-dev 2005-03-13 15:36:58 UTC 
Fixed in cvs.