git.ipfire.org Git - thirdparty/systemd.git/commit

parse-helpers: add new PATH_CHECK_NON_API_VFS flag

In various contexts it's a bit icky to allow paths below /proc/, /sys/,
/dev/ i.e. file hierarchies where API VFS are placed. Let's add a new
flag for path_simplify_and_warn() to check for this and refuse a path if
in these paths.

Enable this when parsing WorkingDirectory=.

This is inspired by CVE-2024-21626, which uses trickery around the cwd
and /proc/self/fd/.

AFAICS we are not actually vulnerable to the same issue as explained in
the CVE since we execute the WorkingDirectory= setting very late, i.e.
long after we set up the new mount namespace. But let's filter out icky
stuff better earlier than later, as extra safety precaution.

author	Lennart Poettering <lennart@poettering.net>
	Mon, 5 Feb 2024 14:38:55 +0000 (15:38 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Tue, 6 Feb 2024 10:13:28 +0000 (11:13 +0100)
commit	0d1332841e96526a713c71d8618939b2443107b5
tree	07a605f24a6949c923bf545954d7aebcc6cf9388	tree \| snapshot
parent	0fb08bd5e3097ecd79def22872ef3c522d2a3114	commit \| diff

src/core/load-fragment.c		diff \| blob \| blame \| history
src/shared/parse-helpers.c		diff \| blob \| blame \| history
src/shared/parse-helpers.h		diff \| blob \| blame \| history
src/test/test-parse-helpers.c		diff \| blob \| blame \| history