Attachment 668006 Details for Bug 737220 – 0001-etc-sandbox.conf-allow-usr-tmp-for-write.patch

[patch] 0001-etc-sandbox.conf-allow-usr-tmp-for-write.patch

0001-etc-sandbox.conf-allow-usr-tmp-for-write.patch (text/plain), 1.25 KB, created by Sergei Trofimovich (RETIRED) on 2020-10-23 07:13:44 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Sergei Trofimovich (RETIRED)

Created: 2020-10-23 07:13:44 UTC

Size: 1.25 KB

patch

obsolete

>From 7cb30c002dcd842472a5f3d604dba299da175b38 Mon Sep 17 00:00:00 2001
>From: Sergei Trofimovich <slyfox@gentoo.org>
>Date: Fri, 23 Oct 2020 08:07:55 +0100
>Subject: [PATCH] etc/sandbox.conf: allow /usr/tmp/ for write
>
>In bug #737220 sandbox was debying write access to /usr/tmp
>(a symlink to /var/tmp) for statically linked binaries.
>
>It happens because erealpath() helper conservatively does not
>resolve any symlink for external traced processes (to avoid
>symlink confusion via /proc/ that could refer to tracer and not
>tracee).
>
>Instead of fixing erealpath() to handle more cases of symlinks
>let's just allow /usr/tmp as it it was /var/tmp.
>
>Reported-by: Kirill Chibisov
>Bug: https://bugs.gentoo.org/737220
>Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
>---
> etc/sandbox.conf | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/etc/sandbox.conf b/etc/sandbox.conf
>index 5f09ee4..2501e11 100644
>--- a/etc/sandbox.conf
>+++ b/etc/sandbox.conf
>@@ -86,7 +86,7 @@ SANDBOX_WRITE="/dev/console:/dev/tty:/dev/vc/:/dev/pty:/dev/tts"
> # Device filesystems
> SANDBOX_WRITE="/dev/ptmx:/dev/pts/:/dev/shm"
> # Tempory storage
>-SANDBOX_WRITE="/tmp/:/var/tmp/"
>+SANDBOX_WRITE="/tmp/:/var/tmp/:/usr/tmp/"
> # Needed for shells
> SANDBOX_WRITE="${HOME}/.bash_history"
> 
>-- 
>2.29.0
>

Actions: View | Diff

Attachments on bug 737220: 654734 | 654736 | 668006