Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use *at functions for directory creation #124

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Use *at functions for directory creation #124

wants to merge 1 commit into from

Conversation

Vogtinator
Copy link
Member

Perform path traversal manually and do not follow symlinks.

Draft because some TODOs still open. Also absolutely untested.

@Vogtinator
Use *at functions for directory creation
fcbc5a7 
Perform path traversal manually and do not follow symlinks.
jsegitz
jsegitz requested changes Sep 24, 2024
View reviewed changes
Copy link

@jsegitz jsegitz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes. Since the path sources come from trusted system data that seems good enough. I added two suggestions

sbin/create_dirs_from_rpmdb.c
char *saveptr = NULL;
const char *component = strtok_r(local_path, "/", &saveptr);
while (component) {
int nextdirfd = openat(dirfd, component, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would move the error check for this right here to keep it together

sbin/create_dirs_from_rpmdb.c
}
node_basename = node_basename + 1; // Skip /

// Ok to assign mode before chown?
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes

sbin/create_dirs_from_rpmdb.c
fprintf(stderr, "Failed to create directory '%s': %m\n", node->dirname);
rc = 1;
continue;
}

if (chown(node->dirname, node->user_id, node->group_id) < 0) {
// Ok to assign ownership before se labels?
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no, it would be better to first change the labels, then set the owner

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsegitz jsegitz jsegitz requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Vogtinator @jsegitz