From cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Mon, 26 Nov 2012 16:25:46 +0100
Subject: umount: sanitize paths from non-root users
Signed-off-by: Karel Zak
---
 sys-utils/umount.c | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)
(limited to 'sys-utils/umount.c')
diff --git a/sys-utils/umount.c b/sys-utils/umount.c
index 06d33de1d..396052c5f 100644
--- a/sys-utils/umount.c
+++ b/sys-utils/umount.c
@@ -36,6 +36,7 @@
 #include "exitcodes.h"
 #include "closestream.h"
 #include "pathnames.h"
+#include "canonicalize.h"
 static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)), const char *filename, int line)
@@ -401,6 +402,24 @@ static int umount_recursive(struct libmnt_context *cxt, const char *spec)
 return rc;
 }
+/*
+ * Check path -- non-root user should not be able to resolve path which is
+ * unreadable for him.
+ */
+static char *sanitize_path(const char *path)
+{
+ char *p;
+
+ if (!path)
+ return NULL;
+
+ p = canonicalize_path_restricted(path);
+ if (!p)
+ err(MOUNT_EX_USAGE, "%s", path);
+
+ return p;
+}
+
 int main(int argc, char **argv)
 {
 int c, rc = 0, all = 0, recursive = 0;
@@ -531,8 +550,17 @@ int main(int argc, char **argv)
 while (argc--)
 rc += umount_recursive(cxt, *argv++);
 } else {
- while (argc--)
- rc += umount_one(cxt, *argv++);
+ while (argc--) {
+ char *path = *argv++;
+
+ if (mnt_context_is_restricted(cxt))
+ path = sanitize_path(path);
+
+ rc += umount_one(cxt, path);
+
+ if (mnt_context_is_restricted(cxt))
+ free(path);
+ }
 }
 mnt_free_context(cxt);
--
cgit v1.2.3-55-g7522
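Review bot: `sanitize_path()` calls `err()` on failure, which exits the process at once, so when a restricted user passes several targets the first unresolvable path ends the loop in `main()` and the remaining arguments are never attempted. A failing `umount_one()`, by contrast, only adds to `rc` and the loop continues. If the hard exit is intended, the comment above the function should say so and state the ownership contract, for example `/* Exits with MOUNT_EX_USAGE on failure; the returned string is allocated and must be freed by the caller. */`. The `err()` message also relies on `canonicalize_path_restricted()` returning with `errno` still describing the resolution failure; that helper is not visible in this patch, so this should be confirmed.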
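Review bot: Only the `umount_one()` branch is sanitized; the `umount_recursive(cxt, *argv++)` loop in the context lines just above still receives the raw argument. Whether a restricted user can reach that branch depends on option handling outside this hunk, so either route it through `sanitize_path()` as well or add a comment such as `/* recursive mode is root-only, no sanitizing needed */` once that is verified. Separately, `mnt_context_is_restricted(cxt)` is evaluated twice per iteration and `free(path)` is only correct while both calls agree, since otherwise it would be handed an `argv` pointer. Keeping the allocation in its own local (`char *tmp = NULL;`) and calling `free(tmp)` unconditionally would remove that coupling.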