diff options
author | Panu Matilainen <pmatilai@redhat.com> | 2023-01-13 10:16:35 +0200 |
---|---|---|
committer | Michal Domonkos <mdomonko@redhat.com> | 2023-03-13 15:32:25 +0100 |
commit | 1c169a4089c3d08069651a33a20be67f26cfbfc4 (patch) | |
tree | 7df052a8b03693b9b110833fba30abbdfc14a99b | |
parent | 8b5cce9a68f93a3b7826a9de6547341855e9dfe2 (diff) | |
download | rpm-1c169a4089c3d08069651a33a20be67f26cfbfc4.tar.gz |
Never follow links in path-based chown()
This is basically a leftover from the initial conversion to the *at()
family in commit 1bab34c6e45c549c7829e469ba35bdececbb84e8 - the logic
was already there and only converted to the *at() form. But this is not
only potentially insecure (remember all those symlink CVEs) but also
wrong simply because it's inconsistent with the other metadata ops which
never follow links in path-based mode.
(cherry picked from commit 3a3e10b9813bdfc4223aedc82292386a50510b04)
-rw-r--r-- | lib/fsm.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -558,7 +558,7 @@ static int fsmChown(int fd, int dirfd, const char *path, mode_t mode, uid_t uid, } } } else { - int flags = S_ISLNK(mode) ? AT_SYMLINK_NOFOLLOW : 0; + int flags = AT_SYMLINK_NOFOLLOW; rc = fchownat(dirfd, path, uid, gid, flags); if (rc < 0) { struct stat st; |