author: Igor Bukanov <igor@mir2.org> 2017-01-29 18:13:30 +0100
committer: Igor Bukanov <igor@mir2.org> 2017-01-29 18:13:30 +0100
commit: 5292798bb4fffc2f8c9b6de2bf373cf86ebf8e3b
tree: 28c099109c594d49f455be3cd437ff2bc780b651 /test/appimage
parent: support allow-private-blacklist in profile files
fixing --hosts-file privilege check
Currently the code uses the access() call to check if the user has access to a file that is copied into the root as /etc/hosts. This inevitably adds a race when the user changes the file to a symbolic link pointing to an arbitrary location on the filesystem after the access check is done but before opening the file to copy it. This potentially allows reading any file on the system. To close this the code adds a utility copy_file_from_user_to_root. It opens the copy destination file as root and then forks/drops privileges. Then as a user the utility opens the source file and does the copy into the destination descriptor that is preserved across the fork.
Diffstat (limited to 'test/appimage')
0 files changed, 0 insertions, 0 deletions