111 lines
4.1 KiB
Diff
111 lines
4.1 KiB
Diff
From 28c92fd54c93371c3062664d8a938438a2be88d6 Mon Sep 17 00:00:00 2001
|
|
From: Panu Matilainen <pmatilai@redhat.com>
|
|
Date: Fri, 13 Jan 2023 08:57:27 +0200
|
|
Subject: [PATCH] Fix install of block and character special files (#2195,
|
|
#2275)
|
|
|
|
While it's possible to open special files, they are, well, special and
|
|
have "side-effects" also known as, ahem, semantics. Opening a device
|
|
file in Unix means accessing that *device*, and FIFOs have their own
|
|
semantics. In other words, for rpm's purposes, we should never EVER
|
|
open these files as a part of the install / permission setting etc.
|
|
Fix this major brainfart in 25a435e90844ea98fe5eb7bef22c1aecf3a9c033.
|
|
|
|
OTOH this forces us back to the less secure path based operations for
|
|
these files, which is what we were trying to avoid in the first place.
|
|
There always was a tiny race between create + open for these (because
|
|
there's no atomic way to create + open anything but regular files) but
|
|
this opens up the window quite a bit.
|
|
Nobody should be placing device nodes in user-owned directories but
|
|
FIFO's may be a different story.
|
|
|
|
We haven't had tests for device nodes because it requires privileges the
|
|
test-suite usually doesn't have, not testing FIFOs I have no excuse for.
|
|
Add that test now.
|
|
|
|
Fixes: #2195, #2275
|
|
---
|
|
lib/fsm.c | 4 +++-
|
|
tests/data/SPECS/fifo.spec | 16 ++++++++++++++++
|
|
tests/Makefile.am | 2 +-
|
|
tests/rpmi.at | 15 +++++++++++++++
|
|
4 files changed, 35 insertions(+), 2 deletions(-)
|
|
create mode 100644 tests/data/SPECS/fifo.spec
|
|
|
|
diff --git a/lib/fsm.c b/lib/fsm.c
|
|
index e38155df7..052416641 100644
|
|
--- a/lib/fsm.c
|
|
+++ b/lib/fsm.c
|
|
@@ -1014,7 +1014,9 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
|
|
rc = RPMERR_UNKNOWN_FILETYPE;
|
|
}
|
|
|
|
- if (!rc && fd == -1 && !S_ISLNK(fp->sb.st_mode)) {
|
|
+ /* Special files require path-based ops */
|
|
+ int mayopen = S_ISREG(fp->sb.st_mode) || S_ISDIR(fp->sb.st_mode);
|
|
+ if (!rc && fd == -1 && mayopen) {
|
|
/* Only follow safe symlinks, and never on temporary files */
|
|
fd = fsmOpenat(di.dirfd, fp->fpath,
|
|
fp->suffix ? AT_SYMLINK_NOFOLLOW : 0, 0);
|
|
diff --git a/tests/data/SPECS/fifo.spec b/tests/data/SPECS/fifo.spec
|
|
new file mode 100644
|
|
index 000000000..20b30b243
|
|
--- /dev/null
|
|
+++ b/tests/data/SPECS/fifo.spec
|
|
@@ -0,0 +1,16 @@
|
|
+Name: fifo
|
|
+Version: 1.0
|
|
+Release: 1
|
|
+Group: Testing
|
|
+License: GPL
|
|
+Summary: Testing fifo behavior
|
|
+BuildArch: noarch
|
|
+
|
|
+%description
|
|
+%{summary}
|
|
+
|
|
+%install
|
|
+mknod ${RPM_BUILD_ROOT}/test-fifo p
|
|
+
|
|
+%files
|
|
+/test-fifo
|
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
|
index 04fa1e5..1b12148 100644
|
|
--- a/tests/Makefile.am
|
|
+++ b/tests/Makefile.am
|
|
@@ -174,7 +174,7 @@ populate_testing:
|
|
for d in dev etc magic tmp var; do if [ ! -d testing/$${d} ]; then mkdir testing/$${d}; fi; done
|
|
for node in urandom stdin stderr stdout null full; do ln -s /dev/$${node} testing/dev/$${node}; done
|
|
for cf in hosts resolv.conf passwd shadow group gshadow mtab ; do [ -f /etc/$${cf} ] && ln -s /etc/$${cf} testing/etc/$${cf}; done
|
|
- for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs; do p=`which $${prog}`; if [ "$${p}" != "" ]; then ln -s $${p} testing/$(bindir)/; fi; done
|
|
+ for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs mknod; do p=`which $${prog}`; if [ "$${p}" != "" ]; then ln -s $${p} testing/$(bindir)/; fi; done
|
|
for d in /proc /sys /selinux /etc/selinux; do if [ -d $${d} ]; then ln -s $${d} testing/$${d}; fi; done
|
|
(cd testing/magic && file -C)
|
|
chmod -R u-w testing/
|
|
diff --git a/tests/rpmi.at b/tests/rpmi.at
|
|
index ee35bdc..a2389de 100644
|
|
--- a/tests/rpmi.at
|
|
+++ b/tests/rpmi.at
|
|
@@ -873,3 +873,18 @@ runroot rpm -e hlinktest
|
|
],
|
|
[])
|
|
AT_CLEANUP
|
|
+
|
|
+AT_SETUP([rpm -U fifo])
|
|
+AT_KEYWORDS([install])
|
|
+AT_CHECK([
|
|
+RPMDB_INIT
|
|
+
|
|
+runroot rpmbuild -bb --quiet /data/SPECS/fifo.spec
|
|
+runroot rpm -U --ignoreos /build/RPMS/noarch/fifo-1.0-1.noarch.rpm
|
|
+runroot rpm -Vv --nouser --nogroup fifo
|
|
+],
|
|
+[0],
|
|
+[......... /test-fifo
|
|
+],
|
|
+[])
|
|
+AT_CLEANUP
|
|
--
|
|
2.27.0
|
|
|