umount: sanitize paths from non-root users

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/sys-utils/umount.c b/sys-utils/umount.c
index 06d33de1d71154bbfd662c9bcde08c074a4bba14..396052c5f2cac621c1fa9e6ac0fb1263d869b4d9 100644 (file)
--- a/sys-utils/umount.c
+++ b/sys-utils/umount.c
@@ -36,6 +36,7 @@
 #include "exitcodes.h"
 #include "closestream.h"
 #include "pathnames.h"
+#include "canonicalize.h"
 
 static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)),
                        const char *filename, int line)
@@ -401,6 +402,24 @@ static int umount_recursive(struct libmnt_context *cxt, const char *spec)
        return rc;
 }
 
+/*
+ * Check path -- non-root user should not be able to resolve path which is
+ * unreadable for him.
+ */
+static char *sanitize_path(const char *path)
+{
+       char *p;
+
+       if (!path)
+               return NULL;
+
+       p = canonicalize_path_restricted(path);
+       if (!p)
+               err(MOUNT_EX_USAGE, "%s", path);
+
+       return p;
+}
+
 int main(int argc, char **argv)
 {
        int c, rc = 0, all = 0, recursive = 0;
@@ -531,8 +550,17 @@ int main(int argc, char **argv)
                while (argc--)
                        rc += umount_recursive(cxt, *argv++);
        } else {
-               while (argc--)
-                       rc += umount_one(cxt, *argv++);
+               while (argc--) {
+                       char *path = *argv++;
+
+                       if (mnt_context_is_restricted(cxt))
+                               path = sanitize_path(path);
+
+                       rc += umount_one(cxt, path);
+
+                       if (mnt_context_is_restricted(cxt))
+                               free(path);
+               }
        }
 
        mnt_free_context(cxt);