From: Lennart Poettering
Date: Fri, 1 Nov 2024 09:03:26 +0000 (+0100)
Subject: coredump: lock down EnterNamespace= mount even more
X-Git-Tag: v257-rc1~57^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c9c8b8d09eff18df71ba4aa910df4201f9890a0;p=thirdparty%2Fsystemd.git

coredump: lock down EnterNamespace= mount even more

Let's disable symlink following if we attach a container's mount tree to our own mount namespace. We after all mount the tree to a different location in the mount tree than where it was inside the container, hence symlinks (if they exist) will all point to the wrong places (even if relative, some might point to other places). And since symlink attacks are a thing, and we let libdw operate on the tree, let's lock this down as much as we can and simply disable symlink traversal entirely.
---
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c index c3e97325e0c..7782839c2dc 100644 --- a/src/coredump/coredump.c +++ b/src/coredump/coredump.c @@ -824,7 +824,7 @@ static int attach_mount_tree(int mount_tree_fd) { r = mount_setattr(mount_tree_fd, "", AT_EMPTY_PATH, &(struct mount_attr) { - .attr_set = MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC, + .attr_set = MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOSYMFOLLOW, .propagation = MS_SLAVE, }, sizeof(struct mount_attr)); if (r < 0)
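Review bot: adding MOUNT_ATTR_NOSYMFOLLOW to `.attr_set` in the mount_setattr() call turns a request that older kernels accepted into one they may reject with EINVAL, since support for this attribute in mount_setattr() arrived later than mount_setattr() itself, and the only handling visible in the hunk is the `if (r < 0)` branch that follows. Worth deciding explicitly whether such a failure should abort attaching the container's mount tree (the safer choice given the symlink-attack concern the commit message states) or fall back to the previous flag set with a logged warning, and saying which in the commit message; also check that MOUNT_ATTR_NOSYMFOLLOW is provided by the project's fallback definitions for older uapi headers so the build does not break there.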