commit: ef9208bea4e0f0dff5abf358002565f36e4d7a8d Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> AuthorDate: Mon Jan 8 19:59:35 2024 +0000 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> CommitDate: Mon Jan 8 20:04:09 2024 +0000 URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=ef9208be
libsandbox: stat the original path for EEXIST hackaround Resolves an issue that can occur with paths that contain parent directory references (/../). If part of the path does not exist, the sandboxed program should get ENOENT, not EEXIST. If we use the canonicalized path, intermediate paths will be eliminated and we produce the wrong result. Bug: https://bugs.gentoo.org/921581 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> libsandbox/pre_check_mkdirat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsandbox/pre_check_mkdirat.c b/libsandbox/pre_check_mkdirat.c index b1e86cf..49c382a 100644 --- a/libsandbox/pre_check_mkdirat.c +++ b/libsandbox/pre_check_mkdirat.c @@ -37,7 +37,7 @@ bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd) * will trigger a sandbox violation. */ struct stat64 st; - if (0 == lstat64(canonic, &st)) { + if (0 == lstat64(pathname, &st)) { int new_errno; sb_debug_dyn("EARLY FAIL: %s(%s[%s]) @ lstat: %s\n", func, pathname, canonic, strerror(errno));
