summaryrefslogtreecommitdiffstats
path: root/abuild-rmtemp.c
Commit message (Collapse)AuthorAgeFilesLines
* abuild-rmtemp: Do not follow symbolic linksSören Tempel2018-10-111-1/+1
| | | | | | | | | | | | | | | Symbolic links might point to files outside of the chroot and thus might delete files outside the chroot. This allows deletion of arbitrary directories on the host from a malicious APKBUILD. Following hard links shouldn't be a problem since hard links (usually) cannot refer to directories and since remove(3) removes the link, not the file it points to it shouldn't cause a problem. I noticed this because alpine-baselayout creates /var/run as a symlink to /run. Therefore causing /run to be deleted on the host when using abuild-rmtemp which in turn causes a bunch of software to no longer function properly (including OpenRC).
* abuild-rmtemp: define _XOPEN_SOURCE to ensure FTW_DEPTH is visibleA. Wilcox2017-09-191-0/+1
|
* abuild: build in chrootKaarle Ritvanen2017-06-271-0/+49
This patch is based on earlier work by Timo Teräs.