548250 – sys-apps/sandbox: path-handling on paths >= 4096 bytes fails

Bug 548250 - sys-apps/sandbox: path-handling on paths >= 4096 bytes fails

Summary: sys-apps/sandbox: path-handling on paths >= 4096 bytes fails

Status:	RESOLVED FIXED

Alias:	None

Product:	Portage Development
Classification:	Unclassified
Component:	Sandbox (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Sandbox Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	413621
	Show dependency tree

Reported:	2015-04-30 13:17 UTC by Kent Fredric (IRC: kent\n) (RETIRED)
Modified:	2025-04-07 15:18 UTC (History)
CC List:	4 users (show)

See Also:	553092 447970
Package list:
Runtime testing required:	---

Attachments
test/sandbox-path/sandbox-path-0.01.ebuild (sandbox-path-0.01.ebuild,623 bytes, text/plain) 2015-04-30 13:17 UTC, Kent Fredric (IRC: kent\n) (RETIRED)	Details
files/mkscript.pl (mkscript.pl,526 bytes, text/plain) 2015-04-30 13:18 UTC, Kent Fredric (IRC: kent\n) (RETIRED)	Details
emerge --info (einfo,8.15 KB, text/plain) 2015-04-30 13:31 UTC, Kent Fredric (IRC: kent\n) (RETIRED)	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev

2015-04-30 13:17:14 UTC

Created attachment 402296 [details]
test/sandbox-path/sandbox-path-0.01.ebuild

Discovered when probing #413621 , but is an independent concern regardless of how that bug eventually gets resolved.

Attached is a script / ebuild combination that when run under FEATURES="usersandbox test" guarantees that:

- perl can create the path ( Perl can create paths as long as 8kb )
- rm and chmod cannot modify or delete it.

Removing usersandbox makes the problem go away.

Code in question executes fine as any user.

If this problem cannot be resolved, then it needs to be documented somewhere clearly as such, so that ebuild maintainers can kill things that rely on this behaviour with justification.

Comment 1 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev

2015-04-30 13:18:15 UTC

Created attachment 402298 [details]
files/mkscript.pl

Comment 2 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev

2015-04-30 13:31:02 UTC

Created attachment 402300 [details]
emerge --info

Comment 3 Larry the Git Cow gentoo-dev

2025-04-06 02:02:27 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38dbecc5572c0757ef1c39e74303f51cc6784352

commit 38dbecc5572c0757ef1c39e74303f51cc6784352
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-04-06 02:01:02 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-04-06 02:01:02 +0000

    sys-apps/coreutils: add 9.6_p20250406
    
    https://lists.gnu.org/archive/html/platform-testers/2025-04/msg00005.html
    
    We can drop some XFAILs which are now XPASSes thanks to sandbox fixes.
    
    Closes: https://bugs.gentoo.org/413621
    Closes: https://bugs.gentoo.org/548250
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/coreutils/Manifest                       |   2 +
 sys-apps/coreutils/coreutils-9.6_p20250406.ebuild | 302 ++++++++++++++++++++++
 sys-apps/coreutils/coreutils-9999.ebuild          |  11 +-
 3 files changed, 305 insertions(+), 10 deletions(-)

Comment 4 Sam James archtester

2025-04-06 02:14:03 UTC

I'm pretty sure floppym fixed this recently but I haven't looked for which commit did it.

Comment 5 Mike Gilbert gentoo-dev

2025-04-07 15:18:08 UTC

In summary, I changed it to allow paths over PATH_MAX to silently bypass the sandbox instead of throwing an error or crashing.

Specifically, if either sb_abspathat or sb_realpathat fail to resolve the path sandbox will allow the file access. One common way for this to happen is when readlink() fails with ENAMETOOLONG when called on a symlink under /proc/self/fd.

Remember that sandbox is primarily a QA tool, not a security barrier. Paths over 4096 bytes are rare enough that this compromise seems reasonable to me.