diff options
author | Michael Orlitzky <michael@orlitzky.com> | 2020-11-25 07:15:50 -0500 |
---|---|---|
committer | William Hubbs <w.d.hubbs@gmail.com> | 2020-11-27 17:29:26 -0600 |
commit | 00ea2166081856774f24f7243126f701c7fe6db9 (patch) | |
tree | 4d29c683e4ae0a3feb835fc8aa5956e448bccc36 | |
parent | ac7ca6d901d72b1bc4ed13be5438e825c07fc0da (diff) |
src/rc/checkpath.c: replace mkdir() with mkdirat().
The do_check() function recently gained some defenses against symlink
replacement attacks that involve the use of *at functions in place of
their vanilla counterparts; openat() instead of open(), for example.
One opportunity to replace mkdir() with mkdirat() was missed, however,
and this commit replaces it.
This fixes #386.
-rw-r--r-- | src/rc/checkpath.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c index 6422446a..1e570de9 100644 --- a/src/rc/checkpath.c +++ b/src/rc/checkpath.c @@ -197,10 +197,10 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode, mode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH; u = umask(0); /* We do not recursively create parents */ - r = mkdir(path, mode); + r = mkdirat(dirfd, name, mode); umask(u); if (r == -1 && errno != EEXIST) { - eerror("%s: mkdir: %s", applet, + eerror("%s: mkdirat: %s", applet, strerror (errno)); return -1; } |