On 2015-04-14 08:28, David Sterba wrote:
> On Tue, Apr 14, 2015 at 01:44:32PM +0300, Lauri Võsandi wrote:
> > This patch forces btrfs receive to issue chroot before parsing the btrfs
> > stream to confine the process and minimize damage that could be done via
> > a malicious btrfs stream.
>
> Thanks. As we've discussed, there are possibly some things to resolve:
>
> * chdir("/") after chroot
> * commandline options to enable/disable chroot, choose the default
>
> Receive should work for a non-root user so chroot should be conditional,
> but I'm not sure if this should be guessed from the UID or if this would
> be better to specify only by the commandline options.
>
> I'll put the patch into a separate branch for now.
Personally, I would expect it to default to not using chroot(), provide a commandline option to tell it to do so, and then just catch the error from trying to chroot as a non-root user.
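The confinement step the thread is discussing, written out as an added example (not code from btrfs-progs or from the patch under review): chroot() is off by default, enabled by an option, followed by chdir("/") so the working directory does not stay outside the new root, and the EPERM an unprivileged user gets is reported as a distinct outcome rather than swallowed. The function and enum names are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Outcome of the optional confinement step (names assumed for this example). */
enum confine_result {
	CONFINE_SKIPPED,	/* option not given: run unconfined, as before the patch */
	CONFINE_DONE,		/* root changed and cwd moved inside it */
	CONFINE_DENIED,		/* no CAP_SYS_CHROOT, e.g. plain non-root user */
	CONFINE_FAILED		/* any other error, see errno */
};

/* Change root to `dir` and move the cwd inside it.
 * Returns 0 on success or a negative errno value. */
static int confine_to_dir(const char *dir)
{
	if (chroot(dir) != 0)
		return -errno;
	/* chroot() leaves the cwd untouched; without this the process still
	 * holds a directory outside the new root, defeating the confinement. */
	if (chdir("/") != 0)
		return -errno;
	return 0;
}

/* Apply the policy from the thread: confine only when asked, and make the
 * unprivileged failure visible so the caller can decide whether to abort. */
enum confine_result maybe_confine(const char *dir, int want_chroot)
{
	int rc;

	if (!want_chroot)
		return CONFINE_SKIPPED;
	rc = confine_to_dir(dir);
	if (rc == 0)
		return CONFINE_DONE;
	if (rc == -EPERM)
		return CONFINE_DENIED;
	fprintf(stderr, "confinement to %s failed: %s\n", dir, strerror(-rc));
	return CONFINE_FAILED;
}

int main(int argc, char **argv)
{
	/* Usage: ./confine <target-dir> [--chroot]; untrusted input would be
	 * parsed only after this call returns CONFINE_DONE or CONFINE_SKIPPED. */
	const char *dir = argc > 1 ? argv[1] : "/";
	int want = argc > 2 && strcmp(argv[2], "--chroot") == 0;

	return maybe_confine(dir, want) == CONFINE_FAILED ? 1 : 0;
}
```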
