summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakob Unterwurzacher2017-12-05 23:31:07 +0100
committerJakob Unterwurzacher2017-12-05 23:31:07 +0100
commit03bf604fc08abc9bb2d75bde21c96c9df4894a3b (patch)
tree3f96a2032ca78fd27f677d8833a6ad03d7598684
parent926cb93b50d6a573dbbef59ff841960b9d824c37 (diff)
syscallcompat: OpenNofollow: use O_DIRECTORY flag
...when opening intermedia directories to give us an extra layer of safety. From the FreeBSD man page: This flag can be used to prevent applications with elevated privileges from opening files which are even unsafe to open with O_RDONLY, such as device nodes.
Diffstat
-rw-r--r--internal/syscallcompat/open_nofollow.go6
-rw-r--r--internal/syscallcompat/open_nofollow_test.go4
2 files changed, 5 insertions, 5 deletions
diff --git a/internal/syscallcompat/open_nofollow.go b/internal/syscallcompat/open_nofollow.go
index 1afa54c..4f75bd6 100644
--- a/internal/syscallcompat/open_nofollow.go
+++ b/internal/syscallcompat/open_nofollow.go
@@ -22,8 +22,8 @@ func OpenNofollow(baseDir string, relPath string, flags int, mode uint32) (fd in
tlog.Warn.Printf("BUG: OpenNofollow called with absolute relPath=%q", relPath)
return -1, syscall.EINVAL
}
- // Open the base dir
- dirfd, err := syscall.Open(baseDir, syscall.O_RDONLY, 0)
+ // Open the base dir (following symlinks)
+ dirfd, err := syscall.Open(baseDir, syscall.O_RDONLY|syscall.O_DIRECTORY, 0)
if err != nil {
return -1, err
}
@@ -39,7 +39,7 @@ func OpenNofollow(baseDir string, relPath string, flags int, mode uint32) (fd in
// Walk intermediate directories
var dirfd2 int
for _, name := range dirs {
- dirfd2, err = Openat(dirfd, name, syscall.O_RDONLY|syscall.O_NOFOLLOW, 0)
+ dirfd2, err = Openat(dirfd, name, syscall.O_RDONLY|syscall.O_NOFOLLOW|syscall.O_DIRECTORY, 0)
syscall.Close(dirfd)
if err != nil {
return -1, err
diff --git a/internal/syscallcompat/open_nofollow_test.go b/internal/syscallcompat/open_nofollow_test.go
index 37ea76b..1f21557 100644
--- a/internal/syscallcompat/open_nofollow_test.go
+++ b/internal/syscallcompat/open_nofollow_test.go
@@ -31,8 +31,8 @@ func TestOpenNofollow(t *testing.T) {
if err == nil {
t.Fatalf("should have failed")
}
- if err != syscall.ELOOP {
- t.Errorf("expected ELOOP, got %v", err)
+ if err != syscall.ELOOP && err != syscall.ENOTDIR {
+ t.Errorf("expected ELOOP or ENOTDIR, got %v", err)
}
// Check to see that the base dir can be opened as well
fd, err = OpenNofollow(tmpDir, "", syscall.O_RDONLY, 0)
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 07:43:27 +0000