fs-util: exempt root prefix directories from UID checks

When chase_symlinks is given a root path, it is assumed that all
processed symlinks are restricted under that path.  It should not
be necessary to verify components of that prefix path since they
are not relevant to the symlinks.

This change skips unsafe UID transitions in this root prefix, i.e.
it now ignores when an unprivileged user's directory contains a
root-owned directory above the symlink root.

diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c
index 3ff861579735c3bf573d8207d4a1360c9e3945f9..281b85d900106d8b607138a935e6c5ec24e1a5a8 100644 (file)
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@@ -926,6 +926,7 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
                 if (fstat(child, &st) < 0)
                         return -errno;
                 if ((flags & CHASE_SAFE) &&
+                    (empty_or_root(root) || (size_t)(todo - buffer) > strlen(root)) &&
                     unsafe_transition(&previous_stat, &st))
                         return log_unsafe_transition(fd, child, path, flags);