Bug#704197: Please review: systemd checks

[Niels Thykier <niels@thykier.net>]

On 2013-04-06 18:33, Michael Stapelberg wrote:
> Hi Niels,
> 
> [...]
> Okay, so how about this?
> 
> sub check_init_script {
>     my ($pkg, $info, $file) = @_;
> 
>     my $lsb_source_seen;
>     my $path = $info->index ($file);
>     unless ($path->is_regular_file ||
>             ($path->is_symlink && defined($path->link_resolved))) {
>         tag 'init-script-is-not-a-file', $file;
>     }
>     open(my $fh, '<', $info->unpacked($file))
>         or fail "cannot open $file: $!";
>     # …
> }
> 
> [...]



I thought this was safe, but it does have an issue as well.  Consider
symlink chaining:

  safe-symlink -> unsafe-symlink
  unsafe-symlink -> ../../../../etc/passwd

$path->link_resolved will approve "safe-symlink" because it can be
resolved safely.  However, it does not check that the target is also a
safe symlink - so a loop/recursion is needed.  That said, using the new
"is_ancestor_of" (from L::Util) is probably a lot easier to use
correctly.  Basically:

  use Lintian::Util qw(is_ancestor_of);

  [...]

  my $unpacked_file = $info->unpacked($file);
  if ( -f $unpacked_file &&
       is_ancestor_of($info->unpacked, $unpacked_file)) {
     # exists, is a file and within the package root.
     open(my $fd, '<', $unpacked_file) or fail "..."
     [...]
  } else {
     # unsafe, is not a file or does not exist
     [...]
  }

~Niels