aboutsummaryrefslogtreecommitdiff
path: root/bin/gensquashfs/selinux.c
diff options
context:
space:
mode:
authorDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2021-08-12 15:01:59 +0200
committerDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2021-08-14 15:20:05 +0200
commitf949898c71f98917c3b3ede1b6397c4a4007e7c3 (patch)
tree3c10ddca7726e06df5b29ebf75f723d298bb1899 /bin/gensquashfs/selinux.c
parent2f494d26a65cde5da1ef797070bc439f2431265c (diff)
Fix symlink path traversal in rdsqaushfs
If rdsquashfs unpacks a directory tree that contains a symlink, followed by something else with the exact same name, it will follow the symlink and can be tricked into writing to an arbitrary filesystem location controlled by the SquashFS image. Because there might actually be a reasonable use case, where an image is unpacked into an directory existing directory tree, with symlinks that should be followed, this is solved as follows: - Before unpacking, recursively sort the directory by filename. - FAIL if (after sorting) two consequtive entries at the same hierarchy level have the same name. This solution is more generic and prevents the unpacker from accessing the same thing twice in generall, thus also excluding the symlink issue. Hardlinks are already unfolded into duplicate tree nodes by the tree reader (with loop detection) so that should not prompt further issues. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'bin/gensquashfs/selinux.c')
0 files changed, 0 insertions, 0 deletions