From 1c169a4089c3d08069651a33a20be67f26cfbfc4 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Fri, 13 Jan 2023 10:16:35 +0200
Subject: Never follow links in path-based chown()

This is basically a leftover from the initial conversion to the *at()
family in commit 1bab34c6e45c549c7829e469ba35bdececbb84e8 - the logic
was already there and only converted to the *at() form. But this is not
only potentially insecure (remember all those symlink CVEs) but also
wrong simply because it's inconsistent with the other metadata ops which
never follow links in path-based mode.

(cherry picked from commit 3a3e10b9813bdfc4223aedc82292386a50510b04)
---
 lib/fsm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/fsm.c b/lib/fsm.c
index d8bf82a6d..e144a03d8 100644
--- a/lib/fsm.c
+++ b/lib/fsm.c
@@ -558,7 +558,7 @@ static int fsmChown(int fd, int dirfd, const char *path, mode_t mode, uid_t uid,
 	    }
 	}
     } else {
-	int flags = S_ISLNK(mode) ? AT_SYMLINK_NOFOLLOW : 0;
+	int flags = AT_SYMLINK_NOFOLLOW;
 	rc = fchownat(dirfd, path, uid, gid, flags);
 	if (rc < 0) {
 	    struct stat st;
-- 
cgit v1.2.1