Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/libsandbox/wrapper-funcs/mkdirat_pre_check.c
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2010-11-15 05:42:11 -0500
committerMike Frysinger <vapier@gentoo.org>2010-11-15 05:42:11 -0500
commitc473c10a447a285f8c7b762f34c0650f587e1ff4 (patch)
tree6845a6a1dec1d2a9bab09e7071b3abe068d5ead9 /libsandbox/wrapper-funcs/mkdirat_pre_check.c
parenttests: generalize flag parsing to handle AT_* flags better (diff)
downloadsandbox-c473c10a447a285f8c7b762f34c0650f587e1ff4.tar.gz
sandbox-c473c10a447a285f8c7b762f34c0650f587e1ff4.tar.bz2
sandbox-c473c10a447a285f8c7b762f34c0650f587e1ff4.zip
libsandbox: handle dirfd in mkdir/open/unlink *at prechecks
Ignoring the dirfd hasn't been a problem in the past as people weren't really using it, but now that core packages are (like tar), we need to handle things properly. URL: http://bugs.gentoo.org/342983 Reported-by: Xake <xake@rymdraket.net> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'libsandbox/wrapper-funcs/mkdirat_pre_check.c')
-rw-r--r--libsandbox/wrapper-funcs/mkdirat_pre_check.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/libsandbox/wrapper-funcs/mkdirat_pre_check.c b/libsandbox/wrapper-funcs/mkdirat_pre_check.c
index c999e46..d037546 100644
--- a/libsandbox/wrapper-funcs/mkdirat_pre_check.c
+++ b/libsandbox/wrapper-funcs/mkdirat_pre_check.c
@@ -8,10 +8,23 @@
bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd)
{
char canonic[SB_PATH_MAX];
+ char dirfd_path[SB_PATH_MAX];
save_errno();
- /* XXX: need to check pathname with dirfd */
+ /* Expand the dirfd path first */
+ switch (resolve_dirfd_path(dirfd, pathname, dirfd_path)) {
+ case -1:
+ if (is_env_on(ENV_SANDBOX_DEBUG))
+ SB_EINFO("EARLY FAIL", " %s(%s) @ resolve_dirfd_path: %s\n",
+ func, pathname, strerror(errno));
+ return false;
+ case 0:
+ pathname = dirfd_path;
+ break;
+ }
+
+ /* Then break down any relative/symlink paths */
if (-1 == canonicalize(pathname, canonic))
/* see comments in check_syscall() */
if (ENAMETOOLONG != errno) {