[prev in list] [next in list] [prev in thread] [next in thread]
List: klik-devel
Subject: [klik-devel] [klikclient commit] r1539 -
From: codesite-noreply () google ! com
Date: 2008-05-11 21:12:30
Message-ID: 0016361e86ae941006044cfae3b7 () google ! com
[Download RAW message or body]
Author: lionel.tricon
Date: Sun May 11 14:08:41 2008
New Revision: 1539
Modified:
trunk/virtualization/unionfuse/trunk/fusioniso/src/fs.c
trunk/virtualization/unionfuse/trunk/fusioniso/src/fusemain.c
Log:
Improved the way we forbid access to the /tmp/klik directory
Modified: trunk/virtualization/unionfuse/trunk/fusioniso/src/fs.c
==============================================================================
--- trunk/virtualization/unionfuse/trunk/fusioniso/src/fs.c (original)
+++ trunk/virtualization/unionfuse/trunk/fusioniso/src/fs.c Sun May 11
14:08:41 2008
@@ -108,6 +108,8 @@
extern char* extern_exclude_list[];
extern int extern_exclude_length[];
extern int extern_list_max;
+extern char* extern_base_root;
+extern int extern_base_root_length;
extern bool extern_debug;
extern bool extern_glibc;
@@ -772,6 +774,8 @@
{
char ppath[FS_MAXPATH], target[FS_MAXPATH];
char *newpath=ppath;
+ int i, j;
+
if (extern_debug) printf("****** GETATTR: (%s)\n", path);
isofs_inode *inode = fs_lookup(path);
if (inode == NULL)
@@ -782,8 +786,17 @@
return -ENOENT;
}
- // We forbid access to the /tmp/klik directory
- if (extern_union_mounting && strncmp(path,"/tmp/klik", 9) ==
0) return -ENOENT;
+ // we forbid access to the location where all mount points are located
+ if (extern_union_mounting)
+ {
+ for (i=0,j=0; i<extern_base_root_length && path[j]!='\0';) {
+ if (extern_base_root[i] != path[j]) break;
+ if (path[j] == '/') for (;path[j]=='/';j++);
+ else j++;
+ i++;
+ }
+ if (extern_base_root[i] == '\0') return -ENOENT;
+ }
if (fs_home_stat(path,&newpath,stbuf) == 0) return 0;
if (extern_union_mounting && lstat(path,stbuf)==0)
Modified: trunk/virtualization/unionfuse/trunk/fusioniso/src/fusemain.c
==============================================================================
--- trunk/virtualization/unionfuse/trunk/fusioniso/src/fusemain.c (original)
+++ trunk/virtualization/unionfuse/trunk/fusioniso/src/fusemain.c Sun
May 11 14:08:41 2008
@@ -87,6 +87,8 @@
char* extern_exclude_list[32];
// We want to exclude some directories in case of sandboxing
int extern_exclude_length[32];
// Size of each directory to exclude (exclude list)
int extern_list_max;
// Number of directories (exclude list)
+char* extern_base_root;
+int extern_base_root_length;
bool extern_debug;
// If true, write debug on the stderr
bool extern_glibc;
// If true, change the loader on the fly
@@ -727,6 +729,14 @@
i=j+1;
}
}
+
+ // We don't want to loop into ourself
+ extern_base_root = getenv("FAKECHROOT_BASE_ROOT");
+ if (extern_base_root == NULL) {
+ extern_base_root = (char*)malloc(10);
+ strcpy(extern_base_root, "/tmp/klik");
+ }
+ extern_base_root_length = strlen(extern_base_root);
if (extern_union_mounting) return fuse_main(nargc, nargv, &fs_oper_union);
return fuse_main(nargc, nargv, &fs_oper);
_______________________________________________
klik-devel mailing list
klik-devel@kde.org
https://mail.kde.org/mailman/listinfo/klik-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic