Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 252345 Details for
Bug 342983
sys-apps/sandbox-2.3 mishandles relative mkdirat() when fd!=AT_FDCWD
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Make mkdirat_pre_check resolv the dirfd if dirfd != AT_FDCWD
0001-Patch-that-makes-mkdirat_pre_check-resolv-the-dirfd-.patch (text/plain), 2.49 KB, created by
Xake
on 2010-10-28 08:28:57 UTC
(
hide
)
Description:
Make mkdirat_pre_check resolv the dirfd if dirfd != AT_FDCWD
Filename:
MIME Type:
Creator:
Xake
Created:
2010-10-28 08:28:57 UTC
Size:
2.49 KB
patch
obsolete
>From 8c521d4f15072c16a6e41b474eaad174a2372e57 Mon Sep 17 00:00:00 2001 >From: Peter Hjalmarsson <xake@rymdraket.net> >Date: Thu, 28 Oct 2010 09:50:04 +0200 >Subject: [PATCH] Patch that makes mkdirat_pre_check resolv the dirfd if dirfd != AT_FDCWD > >This patch makes sandbox handle mkdirat() if dirfd != AT_FDCWD >canonicalize resolvs from CWD, and since you cannot resolv anything >from /proc for AT_FSCWD we keep the canonicalize for those cases, >and in every other case resolv dirfd from /proc, and does our tests on that path. >--- > libsandbox/wrapper-funcs/mkdirat_pre_check.c | 36 +++++++++++++++++++++---- > 1 files changed, 30 insertions(+), 6 deletions(-) > >diff --git a/libsandbox/wrapper-funcs/mkdirat_pre_check.c b/libsandbox/wrapper-funcs/mkdirat_pre_check.c >index c999e46..538a607 100644 >--- a/libsandbox/wrapper-funcs/mkdirat_pre_check.c >+++ b/libsandbox/wrapper-funcs/mkdirat_pre_check.c >@@ -11,15 +11,39 @@ bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd) > > save_errno(); > >- /* XXX: need to check pathname with dirfd */ >- if (-1 == canonicalize(pathname, canonic)) >- /* see comments in check_syscall() */ >- if (ENAMETOOLONG != errno) { >+ if (dirfd == AT_FDCWD) >+ { >+ /* dirfd points to CWD, so we reasolv from there */ >+ if (-1 == canonicalize(pathname, canonic)) >+ /* see comments in check_syscall() */ >+ if (ENAMETOOLONG != errno) { >+ if (is_env_on(ENV_SANDBOX_DEBUG)) >+ SB_EINFO("EARLY FAIL", " %s(%s) @ canonicalize: %s\n", >+ func, pathname, strerror(errno)); >+ return false; >+ } >+ } >+ else >+ { >+ /* dirfd does not point to cwd, so we need to resolv it using /proc */ >+ /* more or less copy-paste from libsandbox.c::before_syscall() */ >+ >+ size_t at_len = sizeof(canonic) - 1 - 1 - (pathname ? strlen(pathname) : 0); >+ sprintf(canonic, "/proc/%i/fd/%i", trace_pid ? : getpid(), dirfd); >+ ssize_t ret = readlink(canonic, canonic, at_len); >+ if (ret == -1) { > if (is_env_on(ENV_SANDBOX_DEBUG)) >- SB_EINFO("EARLY FAIL", " %s(%s) @ canonicalize: %s\n", >- func, pathname, strerror(errno)); >+ SB_EINFO("EARLY FAIL", " %s(%s) @ sb_mkdirat_pre_check,FD_LOOKUP: %s\n", >+ func, canonic, strerror(errno)); >+ /* If the fd isn't found, some guys (glibc) expect errno */ >+ if (errno == ENOENT) >+ errno = EBADF; > return false; > } >+ canonic[ret] = '/'; >+ canonic[ret + 1] = '\0'; >+ strcat(canonic,pathname); >+ } > > /* XXX: Hack to prevent errors if the directory exist, and are > * not writable - we rather return EEXIST than fail. This can >-- >1.7.3.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=252345">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 342983
:
252287
| 252345
