1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
From 0b8a272359685c5b9b3c87444c79eeb3b75c9992 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
Date: Thu, 11 Oct 2018 16:44:45 +0200
Subject: [PATCH] abuild-rmtemp: Do not follow symbolic links
Symbolic links might point to files outside of the chroot and
thus might delete files outside the chroot. This allows deletion
of arbitrary directories on the host from a malicious APKBUILD.
Following hard links shouldn't be a problem since hard links (usually)
cannot refer to directories and since remove(3) removes the link, not
the file it points to it shouldn't cause a problem.
I noticed this because alpine-baselayout creates /var/run as a symlink
to /run. Therefore causing /run to be deleted on the host when using
abuild-rmtemp which in turn causes a bunch of software to no longer
function properly (including OpenRC).
---
abuild-rmtemp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/abuild-rmtemp.c b/abuild-rmtemp.c
index 1fca31c..b9511ce 100644
--- a/abuild-rmtemp.c
+++ b/abuild-rmtemp.c
@@ -44,7 +44,7 @@ int main(int argc, char **argv) {
if (!p) errx(1, "Incorrect user");
if (s.st_uid != p->pw_uid) errx(1, "Permission denied");
- if (nftw(argv[1], handler, 512, FTW_DEPTH)) fail();
+ if (nftw(argv[1], handler, 512, FTW_DEPTH|FTW_PHYS)) fail();
return 0;
}
|
