author | Alexander Larsson <alexl@redhat.com> | 2015-09-04 14:16:45 +0200 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2015-09-04 14:16:45 +0200 |
commit | 83201bd7e4acb4185b6e7978a751b97cc63a0549 (patch) | |
tree | 94b3a4e42bc2fb9a3cef918ffbf7e3ec7e4e4b66 | |
parent | 0c07417d5f4d2ba65e0e97de435ecb07177f23f3 (diff) | |
download | xdg-app-83201bd7e4acb4185b6e7978a751b97cc63a0549.tar.gz |
fuse: Always open files with O_NOFOLLOW
Following symlinks is risky as the sandbox may control them.
-rw-r--r-- | document-portal/xdp-fuse.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/document-portal/xdp-fuse.c b/document-portal/xdp-fuse.c
index ce9c4f1..1d53e34 100644
--- a/document-portal/xdp-fuse.c
+++ b/document-portal/xdp-fuse.c
@@ -1247,7 +1247,7 @@ create_tmp_for_doc (XdgAppDbEntry *entry, int dir_fd, int flags, int *fd_out)
 g_autofree char *template = g_strconcat (".xdp_", basename, ".XXXXXX", NULL);
 int fd;
- fd = xdg_app_mkstempat (dir_fd, template, flags, 0600);
+ fd = xdg_app_mkstempat (dir_fd, template, flags|O_CLOEXEC, 0600);
 if (fd == -1)
 return NULL;
@@ -1337,7 +1337,7 @@ xdp_fuse_open (fuse_req_t req,
 return;
 }
- fd = openat (dir_fd, backing_basename, get_open_flags (fi));
+ fd = openat (dir_fd, backing_basename, get_open_flags (fi)|O_NOFOLLOW|O_CLOEXEC);
 if (fd < 0)
 {
 fuse_reply_err (req, errno);
@@ -1466,7 +1466,7 @@ xdp_fuse_create (fuse_req_t req,
 return;
 }
- fd = openat (dir_fd, backing_basename, get_open_flags (fi));
+ fd = openat (dir_fd, backing_basename, get_open_flags (fi)|O_NOFOLLOW|O_CLOEXEC);
 if (fd == -1)
 {
 fuse_reply_err (req, errno);
 |
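Review bot: The commit message promises O_NOFOLLOW on every open, but the `xdg_app_mkstempat` call in create_tmp_for_doc gains only `O_CLOEXEC`, and nothing at the call says why that is enough. If the helper creates the file with `O_CREAT|O_EXCL` (its body is not visible here), a symlink already sitting at the template name is refused, and a comment such as `/* mkstempat creates with O_EXCL, so a pre-existing symlink is refused */` above the call would record that once confirmed. The O_CLOEXEC addition here and in the xdp_fuse_open and xdp_fuse_create hunks is also missing from the commit message; it keeps these descriptors out of anything the portal later execs and deserves a line there. create_tmp_for_doc continues outside the hunk.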
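Review bot: `O_NOFOLLOW` on the `openat` in xdp_fuse_open only refuses a symlink in the final path component, so the protection depends on `backing_basename` never containing a `/` and on `dir_fd` having been opened without following sandbox-controlled links; neither is visible in this hunk, and the same holds for the identical call in xdp_fuse_create. I would add a comment at the call, e.g. `/* backing_basename is a single component; a symlink there now fails with ELOOP */`, after confirming where the name is produced. O_NOFOLLOW also does not reject FIFOs or device nodes, so if the backing directory is writable from the sandbox an `fstat`/`S_ISREG` check on the returned fd would be the natural follow-up. The function starts and ends outside the hunk.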
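Review bot: In xdp_fuse_create the `openat` is still the three-argument form, so if `get_open_flags (fi)` can let `O_CREAT` through (the helper is not shown) the file mode would be read from an argument that was never passed. Either confirm that the helper masks `O_CREAT`, or pass an explicit mode as the temp-file path does: `fd = openat (dir_fd, backing_basename, get_open_flags (fi)|O_NOFOLLOW|O_CLOEXEC, 0600);`. The failure test here is `fd == -1` while xdp_fuse_open uses `fd < 0`; settling on one form would keep the two handlers parallel. The body continues outside the hunk.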