diff options
Diffstat (limited to 'backport-Fix-install-of-block-and-character-special-files-219.patch')
| -rw-r--r-- | backport-Fix-install-of-block-and-character-special-files-219.patch | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/backport-Fix-install-of-block-and-character-special-files-219.patch b/backport-Fix-install-of-block-and-character-special-files-219.patch new file mode 100644 index 0000000..047b6d1 --- /dev/null +++ b/backport-Fix-install-of-block-and-character-special-files-219.patch @@ -0,0 +1,110 @@ +From 28c92fd54c93371c3062664d8a938438a2be88d6 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen <pmatilai@redhat.com> +Date: Fri, 13 Jan 2023 08:57:27 +0200 +Subject: [PATCH] Fix install of block and character special files (#2195, + #2275) + +While it's possible to open special files, they are, well, special and +have "side-effects" also known as, ahem, semantics. Opening a device +file in Unix means accessing that *device*, and FIFOs have their own +semantics. In other words, for rpm's purposes, we should never EVER +open these files as a part of the install / permission setting etc. +Fix this major brainfart in 25a435e90844ea98fe5eb7bef22c1aecf3a9c033. + +OTOH this forces us back to the less secure path based operations for +these files, which is what we were trying to avoid in the first place. +There always was a tiny race between create + open for these (because +there's no atomic way to create + open anything but regular files) but +this opens up the window quite a bit. +Nobody should be placing device nodes in user-owned directories but +FIFO's may be a different story. + +We haven't had tests for device nodes because it requires privileges the +test-suite usually doesn't have, not testing FIFOs I have no excuse for. +Add that test now. + +Fixes: #2195, #2275 +--- + lib/fsm.c | 4 +++- + tests/data/SPECS/fifo.spec | 16 ++++++++++++++++ + tests/Makefile.am | 2 +- + tests/rpmi.at | 15 +++++++++++++++ + 4 files changed, 35 insertions(+), 2 deletions(-) + create mode 100644 tests/data/SPECS/fifo.spec + +diff --git a/lib/fsm.c b/lib/fsm.c +index e38155df7..052416641 100644 +--- a/lib/fsm.c ++++ b/lib/fsm.c +@@ -1014,7 +1014,9 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, + rc = RPMERR_UNKNOWN_FILETYPE; + } + +- if (!rc && fd == -1 && !S_ISLNK(fp->sb.st_mode)) { ++ /* Special files require path-based ops */ ++ int mayopen = S_ISREG(fp->sb.st_mode) || S_ISDIR(fp->sb.st_mode); ++ if (!rc && fd == -1 && mayopen) { + /* Only follow safe symlinks, and never on temporary files */ + fd = fsmOpenat(di.dirfd, fp->fpath, + fp->suffix ? AT_SYMLINK_NOFOLLOW : 0); +diff --git a/tests/data/SPECS/fifo.spec b/tests/data/SPECS/fifo.spec +new file mode 100644 +index 000000000..20b30b243 +--- /dev/null ++++ b/tests/data/SPECS/fifo.spec +@@ -0,0 +1,16 @@ ++Name: fifo ++Version: 1.0 ++Release: 1 ++Group: Testing ++License: GPL ++Summary: Testing fifo behavior ++BuildArch: noarch ++ ++%description ++%{summary} ++ ++%install ++mknod ${RPM_BUILD_ROOT}/test-fifo p ++ ++%files ++/test-fifo +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 04fa1e5..1b12148 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -174,7 +174,7 @@ populate_testing: + for d in dev etc magic tmp var; do if [ ! -d testing/$${d} ]; then mkdir testing/$${d}; fi; done + for node in urandom stdin stderr stdout null full; do ln -s /dev/$${node} testing/dev/$${node}; done + for cf in hosts resolv.conf passwd shadow group gshadow mtab ; do [ -f /etc/$${cf} ] && ln -s /etc/$${cf} testing/etc/$${cf}; done +- for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs; do p=`which $${prog}`; if [ "$${p}" != "" ]; then ln -s $${p} testing/$(bindir)/; fi; done ++ for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs mknod; do p=`which $${prog}`; if [ "$${p}" != "" ]; then ln -s $${p} testing/$(bindir)/; fi; done + for d in /proc /sys /selinux /etc/selinux; do if [ -d $${d} ]; then ln -s $${d} testing/$${d}; fi; done + (cd testing/magic && file -C) + chmod -R u-w testing/ +diff --git a/tests/rpmi.at b/tests/rpmi.at +index ee35bdc..a2389de 100644 +--- a/tests/rpmi.at ++++ b/tests/rpmi.at +@@ -873,3 +873,18 @@ runroot rpm -e hlinktest + ], + []) + AT_CLEANUP ++ ++AT_SETUP([rpm -U fifo]) ++AT_KEYWORDS([install]) ++AT_CHECK([ ++RPMDB_INIT ++ ++runroot rpmbuild -bb --quiet /data/SPECS/fifo.spec ++runroot rpm -U --ignoreos /build/RPMS/noarch/fifo-1.0-1.noarch.rpm ++runroot rpm -Vv --nouser --nogroup fifo ++], ++[0], ++[......... /test-fifo ++], ++[]) ++AT_CLEANUP +-- +2.27.0 + |