-
Notifications
You must be signed in to change notification settings - Fork 542
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
62 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
From 031bb5a5d0d950253b68138b498dc93be69a64cb Mon Sep 17 00:00:00 2001 | ||
From: Matthias Gerstner <matthias.gerstner@suse.de> | ||
Date: Wed, 27 Dec 2023 14:01:59 +0100 | ||
Subject: [PATCH] pam_namespace: protect_dir(): use O_DIRECTORY to prevent | ||
local DoS situations | ||
|
||
Without O_DIRECTORY the path crawling logic is subject to e.g. FIFOs | ||
being placed in user controlled directories, causing the PAM module to | ||
block indefinitely during `openat()`. | ||
|
||
Pass O_DIRECTORY to cause the `openat()` to fail if the path does not | ||
refer to a directory. | ||
|
||
With this the check whether the final path element is a directory | ||
becomes unnecessary, drop it. | ||
--- | ||
modules/pam_namespace/pam_namespace.c | 18 +----------------- | ||
1 file changed, 1 insertion(+), 17 deletions(-) | ||
|
||
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c | ||
index 2528cff86..f72d67189 100644 | ||
--- a/modules/pam_namespace/pam_namespace.c | ||
+++ b/modules/pam_namespace/pam_namespace.c | ||
@@ -1201,7 +1201,7 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, | ||
int dfd = AT_FDCWD; | ||
int dfd_next; | ||
int save_errno; | ||
- int flags = O_RDONLY; | ||
+ int flags = O_RDONLY | O_DIRECTORY; | ||
int rv = -1; | ||
struct stat st; | ||
|
||
@@ -1255,22 +1255,6 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, | ||
rv = openat(dfd, dir, flags); | ||
} | ||
|
||
- if (rv != -1) { | ||
- if (fstat(rv, &st) != 0) { | ||
- save_errno = errno; | ||
- close(rv); | ||
- rv = -1; | ||
- errno = save_errno; | ||
- goto error; | ||
- } | ||
- if (!S_ISDIR(st.st_mode)) { | ||
- close(rv); | ||
- errno = ENOTDIR; | ||
- rv = -1; | ||
- goto error; | ||
- } | ||
- } | ||
- | ||
if (flags & O_NOFOLLOW) { | ||
/* we are inside user-owned dir - protect */ | ||
if (protect_mount(rv, p, idata) == -1) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters