diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2017-03-10 10:15:50 -0800 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2017-03-10 10:15:50 -0800 |
| commit | 4c47cfa22802fd8201586bef233d8161df4ff61b (patch) | |
| tree | 14994e1b6145e04a19678104bfda543e705fe08a /libsandbox | |
| parent | libsbutil: elide sb_maybe_gdb when -DNDEBUG is used (diff) | |
| download | sandbox-4c47cfa22802fd8201586bef233d8161df4ff61b.tar.gz sandbox-4c47cfa22802fd8201586bef233d8161df4ff61b.tar.bz2 sandbox-4c47cfa22802fd8201586bef233d8161df4ff61b.zip | |
libsandbox: whitelist renameat/symlinkat as symlink funcs
These funcs don't deref their path args, so flag them as such.
URL: https://bugs.gentoo.org/612202
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'libsandbox')
| -rw-r--r-- | libsandbox/libsandbox.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c index e809308..de48bd7 100644 --- a/libsandbox/libsandbox.c +++ b/libsandbox/libsandbox.c @@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path) sb_nr == SB_NR_LCHOWN || sb_nr == SB_NR_REMOVE || sb_nr == SB_NR_RENAME || + sb_nr == SB_NR_RENAMEAT || sb_nr == SB_NR_RMDIR || - sb_nr == SB_NR_SYMLINK)) + sb_nr == SB_NR_SYMLINK || + sb_nr == SB_NR_SYMLINKAT)) { /* These funcs sometimes operate on symlinks */ if (!((sb_nr == SB_NR_FCHOWNAT || |