bugzilla #164441 (mock-helper and basedir)
Clark Williams
williams at redhat.com
Mon Feb 27 15:58:18 UTC 2006
On Mon, 2006-02-27 at 09:18 -0600, Clark Williams wrote:
> So, back to my original question: if we *exclude* certain directories as
> candidates for chroot'ing, can we securely move the root? I'm thinking
> of something like the attached patch (minus the #ifdefs).
Grrr. That's what I get for doing something in a hurry. I sent the wrong
patch and I didn't inline it. Sigh.
Here's the patch I *meant* to send:
Index: mock-helper.c
===================================================================
RCS file: /cvs/fedora/mock/src/mock-helper.c,v
retrieving revision 1.7
diff -u -r1.7 mock-helper.c
--- mock-helper.c 14 Jul 2005 18:00:26
+++ mock-helper.c 27 Feb 2006 15:54:09
@@ -55,6 +55,12 @@
exit (1);
}
+#ifdef ARBITRARY_CHROOT
+const char *disallowed[] = {"/bin", "/sbin/", "/usr", "/lib",
+ "/boot", "/dev", "/etc", "/var"
+};
+#endif
+
/*
* perform checks on the given dir
* - is the given dir under the allowed hierarchy ?
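Review bot: the "/sbin/" entry in disallowed[] carries a trailing slash while the other seven entries do not, so a prefix comparison against it will not match the bare path "/sbin". Drop the slash and have the caller compare whole path components, so that "/usr" covers "/usr" and "/usr/lib" but not "/usrlocal". If the table is only used in this file it can be declared static const char *const. A deny list of eight names leaves every other top-level directory eligible as a chroot target, so a comment stating why these entries were chosen would help the next reader judge whether the list is complete.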
@@ -68,9 +74,21 @@
char last;
int retval;
+#ifdef ARBITRARY_CHROOT
+ int i;
+
+ if (strncmp(given, "/", 1) != 0)
+ error("can't chroot to '/'");
+
+ for (i=0; i < sizeof(disallowed) / sizeof(char *); i++) {
+ if (strncmp(given, disallowed[i], strlen(given)) != 0)
+ error("%s: chroot not allowed\n", disallowed[i]);
+ }
+#else
/* does given start with allowed ? */
if (strncmp (given, allowed, strlen (allowed)) != 0)
error ("%s: not under allowed directory (%s)", given, allowed);
+#endif
/* does it try to fool us by using .. ? */
if (strstr (given, "..") != 0)
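Review bot: both new strncmp tests in the ARBITRARY_CHROOT branch are inverted. The test strncmp(given, "/", 1) != 0 fires when given does not begin with "/", while the message says "can't chroot to '/'"; the check that message describes is strcmp(given, "/") == 0. In the loop, strncmp(given, disallowed[i], strlen(given)) != 0 calls error() whenever given differs from an entry, and it bounds the comparison by strlen(given) instead of strlen(disallowed[i]). Assuming error() does not return, the only value that passes both tests as written is "/" itself, which is the opposite of the intent. Suggest == 0 with strlen(disallowed[i]) as the length, plus a check that the following character of given is '/' or '\0'. The message should also print given rather than disallowed[i], and i should be size_t to match the sizeof expression. Since the comparison is purely textual, it would be cleaner to run it after the ".." test below rather than before it.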
--
Clark Williams <williams at redhat.com>