commit: f7d02c04b2a8e395f478bda03306fb68fb44ba4c
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 8 19:59:35 2024 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jan 22 21:41:13 2024 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=f7d02c04
libsandbox: stat the original path for EEXIST hackaround Resolves an issue that can occur with paths that contain parent directory references (/../). If part of the path does not exist, the sandboxed program should get ENOENT, not EEXIST. If we use the canonicalized path, intermediate paths will be eliminated and we produce the wrong result. Bug: https://bugs.gentoo.org/921581 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> (cherry picked from commit ef9208bea4e0f0dff5abf358002565f36e4d7a8d) libsandbox/pre_check_mkdirat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsandbox/pre_check_mkdirat.c b/libsandbox/pre_check_mkdirat.c index b1e86cf..49c382a 100644 --- a/libsandbox/pre_check_mkdirat.c +++ b/libsandbox/pre_check_mkdirat.c @@ -37,7 +37,7 @@ bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd) * will trigger a sandbox violation. */ struct stat64 st; - if (0 == lstat64(canonic, &st)) { + if (0 == lstat64(pathname, &st)) { int new_errno; sb_debug_dyn("EARLY FAIL: %s(%s[%s]) @ lstat: %s\n", func, pathname, canonic, strerror(errno));
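Review bot: The new `lstat64(pathname, &st)` in sb_mkdirat_pre_check ignores `dirfd`, so a relative `pathname` is resolved against the current working directory rather than the directory the mkdirat call targets. Unless `pathname` is made absolute earlier in the function (not visible in this hunk), the EEXIST early-fail can be decided on the wrong file whenever `dirfd` is not AT_FDCWD. Consider `fstatat64(dirfd, pathname, &st, AT_SYMLINK_NOFOLLOW)` so the existence check follows the same lookup as the call being guarded. Separately, the `sb_debug_dyn` context line logs `strerror(errno)` on the branch where lstat64 returned 0, where errno was not set by that call, so the logged string is misleading. Log the errno value the check is about to return instead.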
