aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libsandbox/libsandbox.c9
-rwxr-xr-xtests/script-16.sh11
-rw-r--r--tests/script.at1
3 files changed, 21 insertions, 0 deletions
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 0ee92ae..b4d732d 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -970,6 +970,15 @@ static int check_syscall(sbcontext_t *sbcontext, int sb_nr, const char *func,
if (trace_pid && errno == ESRCH)
return 2;
+ /* Underlying directory we operate on went away: #590084 */
+ if (!absolute_path && !resolved_path && errno == ENOENT) {
+ int sym_len = SB_MAX_STRING_LEN + 1 - strlen(func);
+ if (sbcontext->show_access_violation)
+ sb_eerror("%sACCESS DENIED%s: %s:%*s'%s' (from deleted directory, see https://bugs.gentoo.org/590084)\n",
+ COLOR_RED, COLOR_NORMAL, func, sym_len, "", file);
+ return 0;
+ }
+
/* If we get here, something bad happened */
sb_ebort("ISE: %s(%s)\n"
"\tabs_path: %s\n"
diff --git a/tests/script-16.sh b/tests/script-16.sh
new file mode 100755
index 0000000..c668cfa
--- /dev/null
+++ b/tests/script-16.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+addwrite $PWD
+
+mkdir -p to-be/deleted
+cd to-be/deleted
+rmdir ../deleted
+
+# In https://bugs.gentoo.org/590084 sanbox should deny
+# access here and touch should fail:
+! touch ../foo
diff --git a/tests/script.at b/tests/script.at
index 8837bda..f1119ef 100644
--- a/tests/script.at
+++ b/tests/script.at
@@ -13,3 +13,4 @@ SB_CHECK(12)
SB_CHECK(13)
SB_CHECK(14)
SB_CHECK(15)
+SB_CHECK(16) \ No newline at end of file