author William Hubbs <w.d.hubbs@gmail.com> 2020-11-20 09:15:59 -0600
committer William Hubbs <w.d.hubbs@gmail.com> 2020-11-20 09:15:59 -0600
commit b6fef599bf8493480664b766040fa9b0d4b1e335
tree 25d19243ee73dfd5cc6e36572b37b52457792110 /man/openrc-run.8
parent aac1734a70b60da97d4d24930f1902ca46894b44
checkpath: fix CVE-2018-21269
This walks the directory path to the file we are going to manipulate to make sure that when we create the file and change the ownership and permissions we are working on the same file. Also, all non-terminal symbolic links must be owned by root. This will keep a non-root user from making a symbolic link as described in the bug. If root creates the symbolic link, it is assumed to be trusted.

On non-linux platforms, we no longer follow non-terminal symbolic links by default. If you need to do that, add the -s option on the checkpath command line, but keep in mind that this is not secure.

This fixes #201.
Diffstat (limited to 'man/openrc-run.8')
-rw-r--r-- man/openrc-run.8 6
1 files changed, 6 insertions, 0 deletions
diff --git a/man/openrc-run.8 b/man/openrc-run.8
index 1102daaa..ec4b88de 100644
--- a/man/openrc-run.8
+++ b/man/openrc-run.8
@@ -461,6 +461,7 @@ Mark the service as inactive.
.Op Fl p , -pipe
.Op Fl m , -mode Ar mode
.Op Fl o , -owner Ar owner
+.Op Fl s , -symlinks
.Op Fl W , -writable
.Op Fl q , -quiet
.Ar path ...
@@ -481,6 +482,11 @@ or with names, and are separated by a colon.
The truncate options (-D and -F) cause the directory or file to be
cleared of all contents.
.Pp
+If -s is not specified on a non-linux platform, checkpath will refuse to
+allow non-terminal symbolic links to exist in the path. This is for
+security reasons so that a non-root user can't create a symbolic link to
+a root-owned file and take ownership of that file.
+.Pp
If -W is specified, checkpath checks to see if the first path given on
the command line is writable. This is different from how the test
command in the shell works, because it also checks to make sure the file
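Review bot: The added paragraph beginning "If -s is not specified on a non-linux platform" documents only the default and never states what -s does when it is given, so the reader has to infer it. Suggest saying directly that -s makes checkpath follow non-terminal symbolic links on non-Linux platforms, and carrying over the commit message's caveat that doing so is not secure. The paragraph is also silent on Linux, where the commit message says non-terminal symbolic links must be owned by root; one sentence on that would make the documented behaviour complete. Minor: "non-linux" should be "non-Linux".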