From 00ea2166081856774f24f7243126f701c7fe6db9 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Wed, 25 Nov 2020 07:15:50 -0500
Subject: [PATCH] src/rc/checkpath.c: replace mkdir() with mkdirat().

The do_check() function recently gained some defenses against symlink
replacement attacks that involve the use of *at functions in place of
their vanilla counterparts; openat() instead of open(), for example.
One opportunity to replace mkdir() with mkdirat() was missed, however,
and this commit replaces it.

This fixes #386.
---
 src/rc/checkpath.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c
index 6422446a1..1e570de92 100644
--- a/src/rc/checkpath.c
+++ b/src/rc/checkpath.c
@@ -197,10 +197,10 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
 				mode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
 			u = umask(0);
 			/* We do not recursively create parents */
-			r = mkdir(path, mode);
+			r = mkdirat(dirfd, name, mode);
 			umask(u);
 			if (r == -1 && errno != EEXIST) {
-				eerror("%s: mkdir: %s", applet,
+				eerror("%s: mkdirat: %s", applet,
 				    strerror (errno));
 				return -1;
 			}
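Review bot: The `errno != EEXIST` branch treats any pre-existing entry at `name` as success, and `mkdirat()` also reports EEXIST when `name` is a symlink or a regular file, so this call alone does not establish that a real directory exists there. The code that follows is outside the hunk; presumably it opens the entry relative to `dirfd`, and it should do so with `O_NOFOLLOW | O_DIRECTORY` and check ownership and mode on the resulting descriptor rather than going back to `path`. I would record that dependency above the check, e.g. `/* EEXIST may be a symlink or non-directory; the open below must not follow it */`. Separately, the error message gives no hint of which path failed; `eerror("%s: mkdirat: %s: %s", applet, path, strerror(errno));` would make a denied or raced creation easier to trace in logs.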