This patch forces btrfs receive to issue chroot before
parsing the btrfs stream to confine the process and
minimize damage that could be done via malicious
btrfs stream.
Signed-off-by: Lauri Võsandi <lauri.vosandi@xxxxxxxxx>
---
cmds-receive.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/cmds-receive.c b/cmds-receive.c
index 44ef27e..8be92ea 100644
--- a/cmds-receive.c
+++ b/cmds-receive.c
@@ -867,15 +867,17 @@ static int do_receive(struct btrfs_receive *r, const char *tomnt, int r_fd,
goto out;
}
- /*
- * find_mount_root returns a root_path that is a subpath of
- * dest_dir_full_path. Now get the other part of root_path,
- * which is the destination dir relative to root_path.
- */
- r->dest_dir_path = dest_dir_full_path + strlen(r->root_path);
- while (r->dest_dir_path[0] == '/')
- r->dest_dir_path++;
+ if (chroot(dest_dir_full_path)) {
+ ret = -errno;
+ fprintf(stderr,
+ "ERROR: failed to chroot to %s, %s\n",
+ dest_dir_full_path,
+ strerror(-ret));
+ goto out;
+ }
+ r->root_path = r->dest_dir_path = strdup("/");
+
ret = subvol_uuid_search_init(r->mnt_fd, &r->sus);
if (ret < 0)
goto out;
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
