From 83201bd7e4acb4185b6e7978a751b97cc63a0549 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Fri, 4 Sep 2015 14:16:45 +0200
Subject: fuse: Always open files with O_NOFOLLOW

Following symlinks is risky as the sandbox may control them.
---
 document-portal/xdp-fuse.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'document-portal')

diff --git a/document-portal/xdp-fuse.c b/document-portal/xdp-fuse.c
index ce9c4f1..1d53e34 100644
--- a/document-portal/xdp-fuse.c
+++ b/document-portal/xdp-fuse.c
@@ -1247,7 +1247,7 @@ create_tmp_for_doc (XdgAppDbEntry *entry, int dir_fd, int flags, int *fd_out)
   g_autofree char *template = g_strconcat (".xdp_", basename, ".XXXXXX", NULL);
   int fd;
 
-  fd = xdg_app_mkstempat (dir_fd, template, flags, 0600);
+  fd = xdg_app_mkstempat (dir_fd, template, flags|O_CLOEXEC, 0600);
   if (fd == -1)
     return NULL;
 
@@ -1337,7 +1337,7 @@ xdp_fuse_open (fuse_req_t req,
           return;
         }
 
-      fd = openat (dir_fd, backing_basename, get_open_flags (fi));
+      fd = openat (dir_fd, backing_basename, get_open_flags (fi)|O_NOFOLLOW|O_CLOEXEC);
       if (fd < 0)
         {
           fuse_reply_err (req, errno);
@@ -1466,7 +1466,7 @@ xdp_fuse_create (fuse_req_t req,
               return;
             }
 
-          fd = openat (dir_fd, backing_basename, get_open_flags (fi));
+          fd = openat (dir_fd, backing_basename, get_open_flags (fi)|O_NOFOLLOW|O_CLOEXEC);
           if (fd == -1)
             {
               fuse_reply_err (req, errno);
-- 
cgit v1.2.1