Bug#704197: Please review: systemd checks
On 2013-04-06 18:33, Michael Stapelberg wrote:
> Hi Niels,
>
> [...]
> Okay, so how about this?
>
> sub check_init_script {
> my ($pkg, $info, $file) = @_;
>
> my $lsb_source_seen;
> my $path = $info->index ($file);
> unless ($path->is_regular_file ||
> ($path->is_symlink && defined($path->link_resolved))) {
> tag 'init-script-is-not-a-file', $file;
> }
> open(my $fh, '<', $info->unpacked($file))
> or fail "cannot open $file: $!";
> # …
> }
>
> [...]
I thought this was safe, but it does have an issue as well. Consider
symlink chaining:
safe-symlink -> unsafe-symlink
unsafe-symlink -> ../../../../etc/passwd
$path->link_resolved will approve "safe-symlink" because it can be
resolved safely. However, it does not check that the target is also a
safe symlink - so a loop/recursion is needed. That said, using the new
"is_ancestor_of" (from L::Util) is probably a lot easier to use
correctly. Basically:
use Lintian::Util qw(is_ancestor_of);
[...]
my $unpacked_file = $info->unpacked($file);
if ( -f $unpacked_file &&
is_ancestor_of($info->unpacked, $unpacked_file)) {
# exists, is a file and within the package root.
open(my $fd, '<', $unpacked_file) or fail "..."
[...]
} else {
# unsafe, is not a file or does not exist
[...]
}
~Niels
Reply to: