From patchwork Fri Oct 1 22:00:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: morganamilo X-Patchwork-Id: 1975 Return-Path: Delivered-To: patchwork@archlinux.org Received: from mail.archlinux.org [95.216.189.61] by patchwork.archlinux.org with IMAP (fetchmail-6.4.22) for (single-drop); Fri, 01 Oct 2021 22:00:24 +0000 (UTC) Received: from mail.archlinux.org by mail.archlinux.org with LMTP id QEXtD/iEV2HUUwAAK+/4rw (envelope-from ) for ; Fri, 01 Oct 2021 22:00:24 +0000 Received: from lists.archlinux.org (lists.archlinux.org [95.217.236.249]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.archlinux.org (Postfix) with ESMTPS id 51DB697C197; Fri, 1 Oct 2021 22:00:23 +0000 (UTC) Received: from lists.archlinux.org (localhost [IPv6:::1]) by lists.archlinux.org (Postfix) with ESMTP id 364CF8A37E4; Fri, 1 Oct 2021 22:00:23 +0000 (UTC) X-Original-To: pacman-dev@lists.archlinux.org Delivered-To: pacman-dev@lists.archlinux.org Received: from mail.archlinux.org (mail.archlinux.org [IPv6:2a01:4f9:c010:3052::1]) by lists.archlinux.org (Postfix) with ESMTPS id 57D838A37C7 for ; Fri, 1 Oct 2021 22:00:21 +0000 (UTC) From: morganamilo DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=archlinux.org; s=dkim-rsa; t=1633125621; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=/RWU9FpwHjFEuTst2UvEtABlmmYOXZytu/P4P8aCces=; b=RQXCC/aWxSyjSr7qbT6jNuLmH3fbwsGe3c1Rzy2KZz5GBKvrNFs/30T9PPrgDeO0dxOube xN3w6BoJwKlu3D6SmkUL/R50JXHkebqMmtSZYT41J2RDH1n5c86CpwjGrFVrZonmh4k9vG feIMJQ8dpB4lzGPzxidCDsQhyWHg9oFcbea3ueWxy2ykHCFVcBqTOj057RXw96y/4yXuuO +G4la8Dm0KYd7hDuz8SOjreQiOLMuMbqG2uUQeA7zXUtwT78QEihOISyCaVhjblihqtriE DUNOt0Ty3KMDGxepo7bzzkVh1Qov2neLVylJrxb6e5XChnBaxkmQpzJGc3PKMwFLQ5QLEZ Iit1fo+erCf4uBiqavO7AftxH4AtqtsnjVAJm0nRWdI4JpHNMGU4D81HYkhH/hxppNsv8+ cJHvQIti8eHXDndJxMyl6oz1Kk1DG3VkoP018qDtgm6ktRqMDn3KeEn7BNyDaerbIhJtB1 rVz9VA3wl7XJ+3AE0bDKRyuGVxG2JmWHBvjJLU9SK2norhFCkUo8uOiOCeStpi1gi4MZPC ps7qrV4vcYIwuGhYxRTrF/s7iDueXGkfRlhhKoYAdofgx4gt/AwW5Zos5Rq2rq5Arl48ng zsmFmbFyqfkYwD1WsKPI7YVzxsgj8NZdh/aD9yEHuvs9THcwRT6cY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=archlinux.org; s=dkim-ed25519; t=1633125621; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=/RWU9FpwHjFEuTst2UvEtABlmmYOXZytu/P4P8aCces=; b=m0o8YQZ2koyUzXfl0mFOSNH8+nl1svllJRA96EGorrpDKMK9OEyYFL4KTI2ntt/4gk3lbn Ud5l7HS3pwsDeRDA== To: pacman-dev@lists.archlinux.org Cc: morganamilo Subject: [PATCH 1/2] alpm: test access of symlinks not where they point Date: Fri, 1 Oct 2021 23:00:16 +0100 Message-Id: <20211001220017.124893-1-morganamilo@archlinux.org> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 X-BeenThere: pacman-dev@lists.archlinux.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussion list for pacman development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: pacman-dev-bounces@lists.archlinux.org Sender: "pacman-dev" Authentication-Results: mail.archlinux.org; dkim=pass header.d=archlinux.org header.s=dkim-rsa header.b="RQXCC/aW"; dkim=pass header.d=archlinux.org header.s=dkim-ed25519 header.b=m0o8YQZ2; dmarc=pass (policy=none) header.from=archlinux.org; spf=pass (mail.archlinux.org: domain of pacman-dev-bounces@lists.archlinux.org designates 95.217.236.249 as permitted sender) smtp.mailfrom=pacman-dev-bounces@lists.archlinux.org X-Rspamd-Queue-Id: 51DB697C197 X-Spamd-Result: default: False [-2.61 / 15.00]; DWL_DNSWL_MED(-2.00)[archlinux.org:dkim]; MID_CONTAINS_FROM(1.00)[]; R_MISSING_CHARSET(0.50)[]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; DMARC_POLICY_ALLOW(-0.50)[archlinux.org,none]; RCVD_IN_DNSWL_MED(-0.40)[2a01:4f9:c010:3052::1:received,95.217.236.249:from]; MAILLIST(-0.20)[mailman]; R_DKIM_ALLOW(-0.20)[archlinux.org:s=dkim-rsa,archlinux.org:s=dkim-ed25519]; R_SPF_ALLOW(-0.20)[+ip4:95.217.236.249]; MIME_GOOD(-0.10)[text/plain]; HAS_LIST_UNSUB(-0.01)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:95.217.0.0/16, country:DE]; RCVD_TLS_LAST(0.00)[]; ARC_NA(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[archlinux.org:+]; FROM_HAS_DN(0.00)[]; NEURAL_HAM(-0.00)[-1.000]; RCPT_COUNT_TWO(0.00)[2]; TO_DN_SOME(0.00)[]; FROM_NEQ_ENVFROM(0.00)[morganamilo@archlinux.org,pacman-dev-bounces@lists.archlinux.org]; PREVIOUSLY_DELIVERED(0.00)[pacman-dev@lists.archlinux.org]; FORGED_SENDER_MAILLIST(0.00)[] X-Rspamd-Server: mail.archlinux.org Fixes FS#69720 --- lib/libalpm/util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c index 299d287e..e7b049ce 100644 --- a/lib/libalpm/util.c +++ b/lib/libalpm/util.c @@ -1342,11 +1342,11 @@ int _alpm_access(alpm_handle_t *handle, const char *dir, const char *file, int a CALLOC(check_path, len, sizeof(char), RET_ERR(handle, ALPM_ERR_MEMORY, -1)); snprintf(check_path, len, "%s%s", dir, file); - ret = access(check_path, amode); + ret = faccessat(AT_FDCWD, check_path, amode, AT_SYMLINK_NOFOLLOW); free(check_path); } else { dir = ""; - ret = access(file, amode); + ret = faccessat(AT_FDCWD, file, amode, AT_SYMLINK_NOFOLLOW); } if(ret != 0) { From patchwork Fri Oct 1 22:00:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: morganamilo X-Patchwork-Id: 1976 Return-Path: Delivered-To: patchwork@archlinux.org Received: from mail.archlinux.org [95.216.189.61] by patchwork.archlinux.org with IMAP (fetchmail-6.4.22) for (single-drop); Fri, 01 Oct 2021 22:00:26 +0000 (UTC) Received: from mail.archlinux.org by mail.archlinux.org with LMTP id ANWRFvqEV2HUUwAAK+/4rw (envelope-from ) for ; Fri, 01 Oct 2021 22:00:26 +0000 Received: from lists.archlinux.org (lists.archlinux.org [IPv6:2a01:4f9:c010:9eb4::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.archlinux.org (Postfix) with ESMTPS id DF1E197C1A2; Fri, 1 Oct 2021 22:00:25 +0000 (UTC) Received: from lists.archlinux.org (localhost [IPv6:::1]) by lists.archlinux.org (Postfix) with ESMTP id 9ECF58A37F8; Fri, 1 Oct 2021 22:00:25 +0000 (UTC) X-Original-To: pacman-dev@lists.archlinux.org Delivered-To: pacman-dev@lists.archlinux.org Received: from mail.archlinux.org (mail.archlinux.org [95.216.189.61]) by lists.archlinux.org (Postfix) with ESMTPS id 6D65C8A37E7 for ; Fri, 1 Oct 2021 22:00:23 +0000 (UTC) From: morganamilo DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=archlinux.org; s=dkim-rsa; t=1633125623; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zR3Wty1RnvhiW+v6Z9Zte9enX6a/VNs+P+9IQRVje9Y=; b=UTSiSNswzznnRwNydfW7UAVIJdjHsr6pFg4JXRVGek+1Sl3XAwGW8DE4IfxybF2CCa/8lP P7YAW6N56hWGTMuy2yr2yts3IrHZJ9LM8PvSEbr2sJ5avIU4b2WGr0hJn9NPnTPhWfZY2L xckevxfBbjTevG3+X79LapSt3IZsIpSSOPygzCz1BmaQQNpbUvI+2Jp1UgSoTJZhJ1bGoN hkslpH2Iearbrgt8ZwXuIY1xx6I5l+4C7MWBVLOopwEKVhzLHXerSJ9vwE7Y+KVUn/3Mva 74fFUs2ntN/FN+0HTq+dKtaCE0k2rt0IJCLZxjd+SL3b4ZET8Cs79z3/XqfWyJe70a5EnO S0EijnQ23F2BcAaPrGKxDeCXTAjyHCR+QA2mtyRTtYaWnl2d1IZ8h4X+zIV2VAJ0ejOGxT LftweQknjgVRQb4I+MSjSAPwnLMcDRPSLygIryUdDgSoltYYrkwIa+Tvz21bz3iJo34Ibw 1CMpidimCNXozC/y61e+XvJ8cLbaWtGgrOPEjQ8TiPqG+MsF54B2hKYF9txKp8G+aTJnal lFSNsaee8/d1NUyL9Mp00Rc82Rr8Jg5oWFeEwzIaISzoKg1eSjvZ1LjQ8T3Ce3+tz2ZyUG s68Er+3qcrd9Kr7yIXYqTil6HSVZ/a0V3iUdNuMYm1Zk1ij4rCGXg= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=archlinux.org; s=dkim-ed25519; t=1633125623; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zR3Wty1RnvhiW+v6Z9Zte9enX6a/VNs+P+9IQRVje9Y=; b=ZRRYwGmhlh+EXpCjl/2bsatR+B3ZWiRPPBBFIo10O4sl+MGXurYDtMGexUDQKzMP1G/8bp oiv9shsF0v+PNCDw== To: pacman-dev@lists.archlinux.org Cc: morganamilo Subject: [PATCH 2/2] alpm: fix wrong access() being used Date: Fri, 1 Oct 2021 23:00:17 +0100 Message-Id: <20211001220017.124893-2-morganamilo@archlinux.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211001220017.124893-1-morganamilo@archlinux.org> References: <20211001220017.124893-1-morganamilo@archlinux.org> MIME-Version: 1.0 X-BeenThere: pacman-dev@lists.archlinux.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussion list for pacman development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: pacman-dev-bounces@lists.archlinux.org Sender: "pacman-dev" Authentication-Results: mail.archlinux.org; dkim=pass header.d=archlinux.org header.s=dkim-rsa header.b=UTSiSNsw; dkim=pass header.d=archlinux.org header.s=dkim-ed25519 header.b=ZRRYwGmh; dmarc=pass (policy=none) header.from=archlinux.org; spf=pass (mail.archlinux.org: domain of pacman-dev-bounces@lists.archlinux.org designates 2a01:4f9:c010:9eb4::1 as permitted sender) smtp.mailfrom=pacman-dev-bounces@lists.archlinux.org X-Rspamd-Queue-Id: DF1E197C1A2 X-Spamd-Result: default: False [-6.61 / 15.00]; REPLY(-4.00)[]; DWL_DNSWL_MED(-2.00)[archlinux.org:dkim]; MID_CONTAINS_FROM(1.00)[]; DMARC_POLICY_ALLOW(-0.50)[archlinux.org,none]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; R_MISSING_CHARSET(0.50)[]; RCVD_IN_DNSWL_MED(-0.40)[2a01:4f9:c010:9eb4::1:from,95.216.189.61:received]; R_DKIM_ALLOW(-0.20)[archlinux.org:s=dkim-rsa,archlinux.org:s=dkim-ed25519]; R_SPF_ALLOW(-0.20)[+ip6:2a01:4f9:c010:9eb4::1:c]; MAILLIST(-0.20)[mailman]; MIME_GOOD(-0.10)[text/plain]; HAS_LIST_UNSUB(-0.01)[]; TO_DN_SOME(0.00)[]; FROM_HAS_DN(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[pacman-dev@lists.archlinux.org]; ARC_NA(0.00)[]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:24940, ipnet:2a01:4f9::/32, country:DE]; DKIM_TRACE(0.00)[archlinux.org:+]; RCVD_COUNT_THREE(0.00)[3]; FROM_NEQ_ENVFROM(0.00)[morganamilo@archlinux.org,pacman-dev-bounces@lists.archlinux.org]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM(-0.00)[-1.000]; MIME_TRACE(0.00)[0:+]; FORGED_SENDER_MAILLIST(0.00)[] X-Rspamd-Server: mail.archlinux.org When removing files we check _alpm_access() to see if we can write (delete) the file. If not, we check if the file exists because if the file does not exist then we don't actually need to remove it so there's no issue. However the second call uses acess() instead of _alpm_access() which does not the rootdir into account. --- lib/libalpm/remove.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/libalpm/remove.c b/lib/libalpm/remove.c index de39724a..958374a5 100644 --- a/lib/libalpm/remove.c +++ b/lib/libalpm/remove.c @@ -332,7 +332,7 @@ static int can_remove_file(alpm_handle_t *handle, const alpm_file_t *file) /* If we fail write permissions due to a read-only filesystem, abort. * Assume all other possible failures are covered somewhere else */ if(_alpm_access(handle, NULL, filepath, W_OK) == -1) { - if(errno != EACCES && errno != ETXTBSY && access(filepath, F_OK) == 0) { + if(errno != EACCES && errno != ETXTBSY && _alpm_access(handle, NULL, filepath, F_OK) == 0) { /* only return failure if the file ACTUALLY exists and we can't write to * it - ignore "chmod -w" simple permission failures */ _alpm_log(handle, ALPM_LOG_ERROR, _("cannot remove file '%s': %s\n"),