author: Mike Frysinger <vapier@gentoo.org> 2015-09-20 03:23:37 -0400
committer: Mike Frysinger <vapier@gentoo.org> 2015-09-20 03:23:37 -0400
commit: 93d401570d4e54f732c0f821cdbb5ba2e1dee0f3
tree: fcac0e9610d45fdb3690a953a6b1457efa7df6c5 /tests
parent: libsbutil: gnulib: import modules for canonicalize_filename_mode
libsandbox: fix handling of dangling symlinks

Make sure we properly check the target of symlinks even when the target does not exist. This caused problems in two ways:
(1) It allowed code to bypass checks by writing through a symlink that was in a good location but pointed to a bad (non-existent) location.
(2) It caused code to be wrongly rejected when it tried writing to a symlink in a bad location but pointed to a good location.

In order to get this behavior, we need to use the new gnulib helpers added in the previous commit. They include functions which can look up the targets of symlinks even when the final path doesn't exist.

URL: https://bugs.gentoo.org/540828
Reported-by: Rick Farina <zerochaos@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Diffstat (limited to 'tests')
-rwxr-xr-x tests/script-11.sh 19
-rwxr-xr-x tests/script-12.sh 25
-rw-r--r-- tests/script.at 2
3 files changed, 46 insertions, 0 deletions
diff --git a/tests/script-11.sh b/tests/script-11.sh
new file mode 100755
index 0000000..da9bbbf
--- /dev/null
+++ b/tests/script-11.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+# handle targets of dangling symlinks correctly #540828
+[ "${at_xfail}" = "yes" ] && exit 77 # see script-0
+
+# this should fail
+mkdir subdir
+ln -s subdir/target symlink
+
+adddeny "${PWD}/subdir"
+
+echo blah >symlink
+# we should not be able to write through the symlink
+if [ $? -eq 0 ] ; then
+ exit 1
+fi
+
+test -s "${SANDBOX_LOG}"
+
+exit $?
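Review bot: The final check, `test -s "${SANDBOX_LOG}"`, only proves the log is non-empty, not that the violation was raised for the write through `symlink` to the denied `subdir/target`. Any earlier entry in the log would satisfy it. Consider checking that the log mentions `subdir/target`, so the test pins the behaviour this fix is about (resolving the target of a dangling symlink) rather than "some violation happened". Minor style point: the trailing `exit $?` is redundant, since the script already exits with the status of the preceding `test`.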
diff --git a/tests/script-12.sh b/tests/script-12.sh
new file mode 100755
index 0000000..a80108b
--- /dev/null
+++ b/tests/script-12.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+# handle targets of dangling symlinks correctly #540828
+[ "${at_xfail}" = "yes" ] && exit 77 # see script-0
+
+# this should pass
+mkdir subdir
+ln -s subdir/target symlink
+
+# make sure the log is in a writable location
+SANDBOX_LOG="${PWD}/subdir/log"
+
+(
+# This clobbers all existing writable paths for this one write.
+SANDBOX_WRITE="${PWD}/subdir"
+echo pass >symlink
+)
+# we should be able to write through the symlink
+if [ $? -ne 0 ] ; then
+ exit 1
+fi
+
+# and not gotten a sandbox violation
+test ! -s "${SANDBOX_LOG}"
+
+exit $?
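Review bot: After `echo pass >symlink` the script checks only the subshell's exit status and that `${SANDBOX_LOG}` is empty; nothing verifies that the data actually landed at the symlink target. Adding `test -s subdir/target` before the log check would confirm the write went through to the allowed location. Separately, `SANDBOX_LOG` and `SANDBOX_WRITE` are assigned without `export`, so the test works only if the harness has already exported both; an explicit `export` or a one-line comment stating that dependency would make it visible to the next reader.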
diff --git a/tests/script.at b/tests/script.at
index 93e370a..f07a8f1 100644
--- a/tests/script.at
+++ b/tests/script.at
@@ -8,3 +8,5 @@ SB_CHECK(7)
SB_CHECK(8)
SB_CHECK(9, [wait errpipe... done OK!])
SB_CHECK(10)
+SB_CHECK(11)
+SB_CHECK(12)