commit: b17af3c85fc94ecc12857146ba2133a3782ead52 Author: William Hubbs <w.d.hubbs <AT> gmail <DOT> com> AuthorDate: Sun Feb 15 20:56:07 2015 +0000 Commit: William Hubbs <williamh <AT> gentoo <DOT> org> CommitDate: Sun Feb 15 22:04:43 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=b17af3c8
checkpath: security fix for -m and -o options Do not change permissions on the target if it is a file and has multiple hard links. This is necessary because a hard link can be an attack vector to gain privilege escalation. X-Gentoo-Bug: 540006 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=540006 --- src/rc/checkpath.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c index 94ab474..b6f1d6a 100644 --- a/src/rc/checkpath.c +++ b/src/rc/checkpath.c @@ -133,6 +133,10 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode, } if (mode && (st.st_mode & 0777) != mode) { + if ((type != inode_dir) && (st.st_nlink != 1)) { + eerror("%s: chown: %s %s", applet, "Too many hard links to", path); + return -1; + } einfo("%s: correcting mode", path); if (chmod(path, mode)) { eerror("%s: chmod: %s", applet, strerror(errno)); @@ -141,6 +145,10 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode, } if (chowner && (st.st_uid != uid || st.st_gid != gid)) { + if ((type != inode_dir) && (st.st_nlink != 1)) { + eerror("%s: chown: %s %s", applet, "Too many hard links to", path); + return -1; + } einfo("%s: correcting owner", path); if (chown(path, uid, gid)) { eerror("%s: chown: %s", applet, strerror(errno));
