44 lines
1.6 KiB
Diff
44 lines
1.6 KiB
Diff
From 3d38013418d0c5304dfbafcb0b2a5b4062964c53 Mon Sep 17 00:00:00 2001
|
|
From: zhongtao <zhongtao17@huawei.com>
|
|
Date: Wed, 13 Dec 2023 15:13:12 +0800
|
|
Subject: [PATCH 55/64] verify the mount dir first and then create tmpdir
|
|
|
|
Signed-off-by: zhongtao <zhongtao17@huawei.com>
|
|
---
|
|
src/utils/tar/util_archive.c | 12 ++++++------
|
|
1 file changed, 6 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
|
|
index 29c2bc03..655b3516 100644
|
|
--- a/src/utils/tar/util_archive.c
|
|
+++ b/src/utils/tar/util_archive.c
|
|
@@ -235,6 +235,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
|
|
return -1;
|
|
}
|
|
|
|
+ // prevent the parent directory from being bind mounted to the subdirectory
|
|
+ if (is_parent_directory(dstdir, tmp_dir) == 0) {
|
|
+ ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
if (stat(dstdir, &buf) < 0) {
|
|
SYSERROR("Check chroot dir failed");
|
|
return -1;
|
|
@@ -255,12 +261,6 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
|
|
return -1;
|
|
}
|
|
|
|
- // prevent the parent directory from being bind mounted to the subdirectory
|
|
- if (is_parent_directory(dstdir, tmp_dir) == 0) {
|
|
- ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
|
|
- return -1;
|
|
- }
|
|
-
|
|
if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
|
|
ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
|
|
if (util_path_remove(tmp_dir) != 0) {
|
|
--
|
|
2.42.0
|
|
|