1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
From 3d38013418d0c5304dfbafcb0b2a5b4062964c53 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 13 Dec 2023 15:13:12 +0800
Subject: [PATCH 55/64] verify the mount dir first and then create tmpdir
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/tar/util_archive.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 29c2bc03..655b3516 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -235,6 +235,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
return -1;
}
+ // prevent the parent directory from being bind mounted to the subdirectory
+ if (is_parent_directory(dstdir, tmp_dir) == 0) {
+ ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
+ return -1;
+ }
+
if (stat(dstdir, &buf) < 0) {
SYSERROR("Check chroot dir failed");
return -1;
@@ -255,12 +261,6 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
return -1;
}
- // prevent the parent directory from being bind mounted to the subdirectory
- if (is_parent_directory(dstdir, tmp_dir) == 0) {
- ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
- return -1;
- }
-
if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
if (util_path_remove(tmp_dir) != 0) {
--
2.42.0
|
