bugzilla #164441 (mock-helper and basedir)

[Clark Williams]

On Mon, 2006-02-27 at 09:18 -0600, Clark Williams wrote:
> So, back to my original question: if we *exclude* certain directories as
> candidates for chroot'ing, can we securely move the root? I'm thinking
> of something like the attached patch (minus the #ifdefs).

Grrr. That's what I get for doing something in a hurry. I sent the wrong
patch and I didn't inline it. Sigh.

Here's the patch I *meant* to send:
Index: mock-helper.c
===================================================================
RCS file: /cvs/fedora/mock/src/mock-helper.c,v
retrieving revision 1.7
diff -u -r1.7 mock-helper.c
--- mock-helper.c 14 Jul 2005 18:00:26
+++ mock-helper.c 27 Feb 2006 15:54:09
@@ -55,6 +55,12 @@
   exit (1);
 }
 
+#ifdef ARBITRARY_CHROOT
+const char *disallowed[] = {"/bin", "/sbin/", "/usr", "/lib", 
+			    "/boot", "/dev", "/etc", "/var"
+};
+#endif
+
 /*
  * perform checks on the given dir
  * - is the given dir under the allowed hierarchy ?
@@ -68,9 +74,21 @@
   char last;
   int retval;
 
+#ifdef ARBITRARY_CHROOT
+  int i;
+
+  if (strncmp(given, "/", 1) != 0)
+	  error("can't chroot to '/'");
+
+  for (i=0; i < sizeof(disallowed) / sizeof(char *); i++) {
+	  if (strncmp(given, disallowed[i], strlen(given)) != 0)
+		  error("%s: chroot not allowed\n", disallowed[i]);
+  }
+#else
   /* does given start with allowed ? */
   if (strncmp (given, allowed, strlen (allowed)) != 0)
     error ("%s: not under allowed directory (%s)", given, allowed);
+#endif
 
   /* does it try to fool us by using .. ? */
   if (strstr (given, "..") != 0)


-- 
Clark Williams <williams at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-buildsys-list/attachments/20060227/931ec55c/attachment.sig>