@@ -, +, @@ denywrite $ sandbox 'mkdir /tmp/zzz; cd /tmp/zzz; rmdir /tmp/zzz; ls' * sandbox-2.18/libsandbox/libsandbox.c:check_syscall():974: failure (No such file or directory): * ISE: opendir(.) abs_path: (null) res_path: (null) $ sandbox 'mkdir /tmp/zzz; cd /tmp/zzz; rmdir /tmp/zzz; touch ../foo' * sandbox-2.18/libsandbox/libsandbox.c:check_syscall():974: failure (No such file or directory): * ISE: open_wr(../foo) abs_path: (null) res_path: (null) $ ./sandbox.sh 'mkdir /tmp/zzz; cd /tmp/zzz; rmdir /tmp/zzz; touch ../foo' * ACCESS DENIED: open_wr: '../foo' (from deleted directory, see https://bugs.gentoo.org/590084) * ACCESS DENIED: utimensat: '../foo' (from deleted directory, see https://bugs.gentoo.org/590084) touch: cannot touch '../foo': Permission denied
---
 libsandbox/libsandbox.c | 9 +++++++++
 tests/script-16.sh | 11 +++++++++++
 tests/script.at | 1 +
 3 files changed, 21 insertions(+)
 create mode 100755 tests/script-16.sh
--- a/libsandbox/libsandbox.c
+++ a/libsandbox/libsandbox.c
@@ -970,6 +970,15 @@ static int check_syscall(sbcontext_t *sbcontext, int sb_nr, const char *func,
 if (trace_pid && errno == ESRCH)
 return 2;
+ /* Underlying directory we operate on went away: #590084 */
+ if (!absolute_path && !resolved_path && errno == ENOENT) {
+ int sym_len = SB_MAX_STRING_LEN + 1 - strlen(func);
+ if (sbcontext->show_access_violation)
+ sb_eerror("%sACCESS DENIED%s: %s:%*s'%s' (from deleted directory, see https://bugs.gentoo.org/590084)\n",
+ COLOR_RED, COLOR_NORMAL, func, sym_len, "", file);
+ return 0;
+ }
+
 /* If we get here, something bad happened */
 sb_ebort("ISE: %s(%s)\n"
 "\tabs_path: %s\n"
--- a/tests/script-16.sh
+++ a/tests/script-16.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+addwrite $PWD
+
+mkdir -p to-be/deleted
+cd to-be/deleted
+rmdir ../deleted
+
+# In https://bugs.gentoo.org/590084 sanbox should deny
+# access here and touch should fail:
+! touch ../foo
--- a/tests/script.at
+++ a/tests/script.at
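Review bot: The new deny branch in check_syscall() reports the violation only through `sb_eerror`, and only when `sbcontext->show_access_violation` is set, before `return 0;`, so nothing in the visible lines records the denial anywhere else. If the regular violation path elsewhere in this function also writes to a sandbox log (not visible in this hunk), this case should go through it too, so that a denied access from a deleted directory is not lost when stderr is discarded. Separately, `SB_MAX_STRING_LEN + 1 - strlen(func)` mixes the unsigned `strlen()` result into a value stored in `int`; `int sym_len = SB_MAX_STRING_LEN + 1 - (int)strlen(func);` keeps the width arithmetic signed. The comment could also state the intent, e.g. `/* cwd was removed so neither path resolves; deny (fail closed) instead of aborting: #590084 */`. The body of check_syscall() begins and ends outside the hunk.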
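Review bot: The test exercises only the write case (`! touch ../foo`), while the commit message also lists `opendir(.)` from a deleted directory as a trigger for the same ISE. Adding `! ls` after the `rmdir` would pin that path as well, assuming the deny is meant to cover read-side calls. `addwrite $PWD` is unquoted, so `addwrite "$PWD"` is safer when the test tree path contains spaces. The comment also misspells the tool name as `sanbox`.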
@@ -13,3 +13,4 @@ SB_CHECK(12)
 SB_CHECK(13)
 SB_CHECK(14)
 SB_CHECK(15)
+SB_CHECK(16)
--