mount: sanitize paths from non-root users
$ mount /root/.ssh/../../dev/sda2 mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot This is too promiscuous. It seems better to ignore paths specified on the command line that non-root users cannot resolve. Fixed version: $ mount /root/.ssh/../../dev/sda2 mount: /root/.ssh/../../dev/sda2: Permission denied $ mount /dev/sda2 mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot Note that this bug has no relation to the evaluation of mount(2) permissions in suid mode. The way a non-root user specifies paths on the command line is completely irrelevant to the comparison with fstab entries. Signed-off-by: Karel Zak <kzak@redhat.com>
parent
33c5fd0c5a
commit
5ebbc3865d
|
@ -39,6 +39,7 @@
|
||||||
#include "exitcodes.h"
|
#include "exitcodes.h"
|
||||||
#include "xalloc.h"
|
#include "xalloc.h"
|
||||||
#include "closestream.h"
|
#include "closestream.h"
|
||||||
|
#include "canonicalize.h"
|
||||||
|
|
||||||
#define OPTUTILS_EXIT_CODE MOUNT_EX_USAGE
|
#define OPTUTILS_EXIT_CODE MOUNT_EX_USAGE
|
||||||
#include "optutils.h"
|
#include "optutils.h"
|
||||||
|
@ -603,6 +604,37 @@ static struct libmnt_table *append_fstab(struct libmnt_context *cxt,
|
||||||
return fstab;
|
return fstab;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Check source and target paths -- non-root user should not be able to
|
||||||
|
* resolve paths which are unreadable for him.
|
||||||
|
*/
|
||||||
|
static void sanitize_paths(struct libmnt_context *cxt)
|
||||||
|
{
|
||||||
|
const char *p;
|
||||||
|
struct libmnt_fs *fs = mnt_context_get_fs(cxt);
|
||||||
|
|
||||||
|
if (!fs)
|
||||||
|
return;
|
||||||
|
|
||||||
|
p = mnt_fs_get_target(fs);
|
||||||
|
if (p) {
|
||||||
|
char *np = canonicalize_path_restricted(p);
|
||||||
|
if (!np)
|
||||||
|
err(MOUNT_EX_USAGE, "%s", p);
|
||||||
|
mnt_fs_set_target(fs, np);
|
||||||
|
free(np);
|
||||||
|
}
|
||||||
|
|
||||||
|
p = mnt_fs_get_srcpath(fs);
|
||||||
|
if (p) {
|
||||||
|
char *np = canonicalize_path_restricted(p);
|
||||||
|
if (!np)
|
||||||
|
err(MOUNT_EX_USAGE, "%s", p);
|
||||||
|
mnt_fs_set_source(fs, np);
|
||||||
|
free(np);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static void __attribute__((__noreturn__)) usage(FILE *out)
|
static void __attribute__((__noreturn__)) usage(FILE *out)
|
||||||
{
|
{
|
||||||
fputs(USAGE_HEADER, out);
|
fputs(USAGE_HEADER, out);
|
||||||
|
@ -970,6 +1002,9 @@ int main(int argc, char **argv)
|
||||||
} else
|
} else
|
||||||
usage(stderr);
|
usage(stderr);
|
||||||
|
|
||||||
|
if (mnt_context_is_restricted(cxt))
|
||||||
|
sanitize_paths(cxt);
|
||||||
|
|
||||||
if (oper) {
|
if (oper) {
|
||||||
/* MS_PROPAGATION operations, let's set the mount flags */
|
/* MS_PROPAGATION operations, let's set the mount flags */
|
||||||
mnt_context_set_mflags(cxt, oper);
|
mnt_context_set_mflags(cxt, oper);
|
||||||
|
|
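Review bot: In sanitize_paths() the return values of `mnt_fs_set_target(fs, np)` and `mnt_fs_set_source(fs, np)` are discarded, so if either call fails (for example on allocation failure) the fs presumably keeps the user-supplied, uncanonicalized path and the restricted mount proceeds with it. Because this function is the only gate for non-root callers, a failed set should be fatal, e.g. `if (mnt_fs_set_target(fs, np)) errx(MOUNT_EX_SYSERR, "%s: failed to set target", np);`, with the same check on the source. The protection also depends entirely on canonicalize_path_restricted(), which is defined outside this page. A comment on sanitize_paths() should state that the helper is expected to resolve the path with the caller's real uid/gid, not the effective ones. The target and source blocks are identical apart from the getter and setter, so a small static helper would keep the two checks from drifting apart.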