aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWilliam Hubbs <w.d.hubbs@gmail.com>2015-02-15 14:56:07 -0600
committerWilliam Hubbs <w.d.hubbs@gmail.com>2015-02-15 16:04:43 -0600
commitb17af3c85fc94ecc12857146ba2133a3782ead52 (patch)
tree85e041357bee8241999d72715eac17dbe876037b
parent3100114bc104741145fb6c1d4b1664759114cc5c (diff)
checkpath: security fix for -m and -o options
Do not change permissions on the target if it is a file and has multiple hard links. This is necessary because a hard link can be an attack vector to gain privilege escalation. X-Gentoo-Bug: 540006 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=540006
-rw-r--r--src/rc/checkpath.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c
index 94ab4742..b6f1d6a4 100644
--- a/src/rc/checkpath.c
+++ b/src/rc/checkpath.c
@@ -133,6 +133,10 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
}
if (mode && (st.st_mode & 0777) != mode) {
+ if ((type != inode_dir) && (st.st_nlink != 1)) {
+ eerror("%s: chown: %s %s", applet, "Too many hard links to", path);
+ return -1;
+ }
einfo("%s: correcting mode", path);
if (chmod(path, mode)) {
eerror("%s: chmod: %s", applet, strerror(errno));
@@ -141,6 +145,10 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
}
if (chowner && (st.st_uid != uid || st.st_gid != gid)) {
+ if ((type != inode_dir) && (st.st_nlink != 1)) {
+ eerror("%s: chown: %s %s", applet, "Too many hard links to", path);
+ return -1;
+ }
einfo("%s: correcting owner", path);
if (chown(path, uid, gid)) {
eerror("%s: chown: %s", applet, strerror(errno));