| Summary: | sys-apps/sandbox: path-handling on paths >= 4096 bytes fails | ||
|---|---|---|---|
| Product: | Portage Development | Reporter: | Kent Fredric (IRC: kent\n) (RETIRED) <kentnl> |
| Component: | Sandbox | Assignee: | Sandbox Maintainers <sandbox> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | erikdenstore+gbugs, kingjon3377, sam, tka |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=553092 https://bugs.gentoo.org/show_bug.cgi?id=447970 |
||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 413621 | ||
| Attachments: |
test/sandbox-path/sandbox-path-0.01.ebuild
files/mkscript.pl emerge --info |
||
Created attachment 402298 [details]
files/mkscript.pl
Created attachment 402300 [details]
emerge --info
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38dbecc5572c0757ef1c39e74303f51cc6784352 commit 38dbecc5572c0757ef1c39e74303f51cc6784352 Author: Sam James <sam@gentoo.org> AuthorDate: 2025-04-06 02:01:02 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2025-04-06 02:01:02 +0000 sys-apps/coreutils: add 9.6_p20250406 https://lists.gnu.org/archive/html/platform-testers/2025-04/msg00005.html We can drop some XFAILs which are now XPASSes thanks to sandbox fixes. Closes: https://bugs.gentoo.org/413621 Closes: https://bugs.gentoo.org/548250 Signed-off-by: Sam James <sam@gentoo.org> sys-apps/coreutils/Manifest | 2 + sys-apps/coreutils/coreutils-9.6_p20250406.ebuild | 302 ++++++++++++++++++++++ sys-apps/coreutils/coreutils-9999.ebuild | 11 +- 3 files changed, 305 insertions(+), 10 deletions(-) I'm pretty sure floppym fixed this recently but I haven't looked for which commit did it. In summary, I changed it to allow paths over PATH_MAX to silently bypass the sandbox instead of throwing an error or crashing. Specifically, if either sb_abspathat or sb_realpathat fail to resolve the path sandbox will allow the file access. One common way for this to happen is when readlink() fails with ENAMETOOLONG when called on a symlink under /proc/self/fd. Remember that sandbox is primarily a QA tool, not a security barrier. Paths over 4096 bytes are rare enough that this compromise seems reasonable to me. |
Created attachment 402296 [details] test/sandbox-path/sandbox-path-0.01.ebuild Discovered when probing #413621 , but is an independent concern regardless of how that bug eventually gets resolved. Attached is a script / ebuild combination that when run under FEATURES="usersandbox test" guarantees that: - perl can create the path ( Perl can create paths as long as 8kb ) - rm and chmod cannot modify or delete it. Removing usersandbox makes the problem go away. Code in question executes fine as any user. If this problem cannot be resolved, then it needs to be documented somewhere clearly as such, so that ebuild maintainers can kill things that rely on this behaviour with justification.