diff options
| author | Kaz Kylheku <kaz@kylheku.com> | 2022-07-30 12:09:51 -0700 |
|---|---|---|
| committer | Kaz Kylheku <kaz@kylheku.com> | 2022-07-30 12:09:51 -0700 |
| commit | 49255506f37ba61514c55b2f8bd6515ba1cae3c3 (patch) | |
| tree | f7e1fefba40b1bfebfcdd35e65f7078e43039242 /tests/018 | |
| parent | 9650fbc008dd1aaf10967ef367e5feb08f98937a (diff) | |
| download | txr-49255506f37ba61514c55b2f8bd6515ba1cae3c3.tar.gz txr-49255506f37ba61514c55b2f8bd6515ba1cae3c3.tar.bz2 txr-49255506f37ba61514c55b2f8bd6515ba1cae3c3.zip | |
path-components-safe: tighten /proc check
Attacks are possible via /proc/<pid>/fd/<n> involving
a deleted file, whereby the link target changes from
"/path/to/file" to "/path/to/file (deleted)", which
can be perpetrated by a different user, not related
to process <pid>, who has access to perform
unlink("/path/to/file").
* stdlib/path-test.tl (safe-abs-path): Perform the
pattern check regardless of effective user ID.
* tests/018/path-safe.tl: Test cases adjusted.
Diffstat (limited to 'tests/018')
| -rw-r--r-- | tests/018/path-safe.tl | 51 |
1 files changed, 21 insertions, 30 deletions
diff --git a/tests/018/path-safe.tl b/tests/018/path-safe.tl index 2c86ca3e..77b92321 100644 --- a/tests/018/path-safe.tl +++ b/tests/018/path-safe.tl @@ -81,34 +81,25 @@ (seteuid 0) (rename-path "z" "b/c") -(seteuid 10000) - -(test - (path-components-safe "a") nil) - -(mtest - (path-components-safe "/proc/1") t - (path-components-safe "/proc/1/cwd") :error - (path-components-safe "/proc/self/cwd") t) - -(seteuid 0) -(mtest - (path-components-safe "/proc/1") t - (path-components-safe "/proc/1/fd") t - (path-components-safe "/proc/sys/../1") t - (path-components-safe "/proc/1/cwd") nil - (path-components-safe "/proc/1/cwd/foo") nil - (path-components-safe "/proc/self/cwd") nil - (path-components-safe "/proc/self/cwd/foo") nil - (path-components-safe "/proc/1/root") nil - (path-components-safe "/proc/1/root/foo") nil - (path-components-safe "/proc/1/fd/0") nil - (path-components-safe "/proc/1/fd/0/bar") nil - (path-components-safe "/proc/1/map_files") nil - (path-components-safe "/proc/1/map_files/bar") nil - (path-components-safe "/proc/sys/../1/cwd") nil - (path-components-safe "/proc/1/task/1") t - (path-components-safe "/proc/1/task/1/fd/0") nil - (path-components-safe "/proc/1/task/1/cwd") nil - (path-components-safe "/proc/1/task/1/root") nil) +(each ((uid '(10000 0))) + (mtest + (path-components-safe "a") nil + (path-components-safe "/proc/1") t + (path-components-safe "/proc/1/fd") t + (path-components-safe "/proc/sys/../1") t + (path-components-safe "/proc/1/cwd") nil + (path-components-safe "/proc/1/cwd/foo") nil + (path-components-safe "/proc/self/cwd") nil + (path-components-safe "/proc/self/cwd/foo") nil + (path-components-safe "/proc/1/root") nil + (path-components-safe "/proc/1/root/foo") nil + (path-components-safe "/proc/1/fd/0") nil + (path-components-safe "/proc/1/fd/0/bar") nil + (path-components-safe "/proc/1/map_files") nil + (path-components-safe "/proc/1/map_files/bar") nil + (path-components-safe "/proc/sys/../1/cwd") nil + (path-components-safe "/proc/1/task/1") t + (path-components-safe "/proc/1/task/1/fd/0") nil + (path-components-safe "/proc/1/task/1/cwd") nil + (path-components-safe "/proc/1/task/1/root") nil))1 |