diff options
author | Karel Zak | 2012-11-26 16:25:46 +0100 |
---|---|---|
committer | Karel Zak | 2012-11-26 16:25:46 +0100 |
commit | cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f (patch) | |
tree | 57a290b93555ec0f689820292c20baa54113fac7 /sys-utils/umount.c | |
parent | mount: sanitize paths from non-root users (diff) | |
download | kernel-qcow2-util-linux-cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f.tar.gz kernel-qcow2-util-linux-cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f.tar.xz kernel-qcow2-util-linux-cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f.zip |
umount: sanitize paths from non-root users
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'sys-utils/umount.c')
-rw-r--r-- | sys-utils/umount.c | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/sys-utils/umount.c b/sys-utils/umount.c index 06d33de1d..396052c5f 100644 --- a/sys-utils/umount.c +++ b/sys-utils/umount.c @@ -36,6 +36,7 @@ #include "exitcodes.h" #include "closestream.h" #include "pathnames.h" +#include "canonicalize.h" static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)), const char *filename, int line) @@ -401,6 +402,24 @@ static int umount_recursive(struct libmnt_context *cxt, const char *spec) return rc; } +/* + * Check path -- non-root user should not be able to resolve path which is + * unreadable for him. + */ +static char *sanitize_path(const char *path) +{ + char *p; + + if (!path) + return NULL; + + p = canonicalize_path_restricted(path); + if (!p) + err(MOUNT_EX_USAGE, "%s", path); + + return p; +} + int main(int argc, char **argv) { int c, rc = 0, all = 0, recursive = 0; @@ -531,8 +550,17 @@ int main(int argc, char **argv) while (argc--) rc += umount_recursive(cxt, *argv++); } else { - while (argc--) - rc += umount_one(cxt, *argv++); + while (argc--) { + char *path = *argv++; + + if (mnt_context_is_restricted(cxt)) + path = sanitize_path(path); + + rc += umount_one(cxt, path); + + if (mnt_context_is_restricted(cxt)) + free(path); + } } mnt_free_context(cxt); |