fsdev-proxy-helper: avoid TOC/TOU race
There is a minor time of check/time of use race between statfs and chroot. It can be fixed easily by stat-ing the root after it has been changed. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
This commit is contained in:
parent
714487515d
commit
49f817caaf
|
@ -1128,10 +1128,19 @@ int main(int argc, char **argv)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (chdir("/") < 0) {
|
||||||
|
do_perror("chdir");
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
if (chroot(rpath) < 0) {
|
||||||
|
do_perror("chroot");
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
get_version = false;
|
get_version = false;
|
||||||
#ifdef FS_IOC_GETVERSION
|
#ifdef FS_IOC_GETVERSION
|
||||||
/* check whether underlying FS support IOC_GETVERSION */
|
/* check whether underlying FS support IOC_GETVERSION */
|
||||||
retval = statfs(rpath, &st_fs);
|
retval = statfs("/", &st_fs);
|
||||||
if (!retval) {
|
if (!retval) {
|
||||||
switch (st_fs.f_type) {
|
switch (st_fs.f_type) {
|
||||||
case EXT2_SUPER_MAGIC:
|
case EXT2_SUPER_MAGIC:
|
||||||
|
@ -1144,16 +1153,7 @@ int main(int argc, char **argv)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (chdir("/") < 0) {
|
|
||||||
do_perror("chdir");
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
if (chroot(rpath) < 0) {
|
|
||||||
do_perror("chroot");
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
umask(0);
|
umask(0);
|
||||||
|
|
||||||
if (init_capabilities() < 0) {
|
if (init_capabilities() < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue