Re: [PATCH 2/2] daemon: Verify base-path and interpolated-path early

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Junio C Hamano schrieb:
> Johannes Sixt <j.sixt@xxxxxxxxxxxxx> writes:
> 
>> Any request to the daemon would fail if either interpolated-path or
>> base-path (if specified) would not be absolute. Hence, we can check those
>> paths for validity upfront and not start the daemon at all if the paths are
>> invalid.
>>
>> Additionally, we now check that the base-path is an existing directory.
> 
> Looks good.  Thanks.

I just discovered that this patch is crap. Please drop it!

We must not remove the checks from path_ok() because they verify the
*client-supplied* part of the path, which must be absolute.

Nevertheless, it would be useful to verify that --base-path points to an
existing directory. What I actually wanted to implement is this:

-- >8 --
daemon: ensure that base-path is an existing directory

Any request to the daemon would fail if base-path (if specified) is not
a directory. We now check for this condition early.

Signed-off-by: Johannes Sixt <johannes.sixt@xxxxxxxxxx>
---
 daemon.c |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/daemon.c b/daemon.c
index dd0177f..2b4a6f1 100644
--- a/daemon.c
+++ b/daemon.c
@@ -1184,6 +1184,14 @@ int main(int argc, char **argv)
 	if (strict_paths && (!ok_paths || !*ok_paths))
 		die("option --strict-paths requires a whitelist");

+	if (base_path) {
+		struct stat st;
+
+		if (stat(base_path, &st) || !S_ISDIR(st.st_mode))
+			die("base-path '%s' does not exist or "
+			    "is not a directory", base_path);
+	}
+
 	if (inetd_mode) {
 		struct sockaddr_storage ss;
 		struct sockaddr *peer = (struct sockaddr *)&ss;
-- 
1.5.4.3.231.g5d43e



-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux