From: David Michael <dm0@redhat.com>
Date: Mon, 25 Feb 2019 18:18:30 +0000 (-0500)
Subject: fs-util: exempt root prefix directories from UID checks
X-Git-Tag: v242-rc1~208^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc14a6c011604c3b598247c35fea78d11c8d15ab;p=thirdparty%2Fsystemd.git

fs-util: exempt root prefix directories from UID checks

When chase_symlinks is given a root path, it is assumed that all
processed symlinks are restricted under that path.  It should not
be necessary to verify components of that prefix path since they
are not relevant to the symlinks.

This change skips unsafe UID transitions in this root prefix, i.e.
it now ignores when an unprivileged user's directory contains a
root-owned directory above the symlink root.
---

diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c
index 3ff86157973..281b85d9001 100644
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@@ -926,6 +926,7 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
                 if (fstat(child, &st) < 0)
                         return -errno;
                 if ((flags & CHASE_SAFE) &&
+                    (empty_or_root(root) || (size_t)(todo - buffer) > strlen(root)) &&
                     unsafe_transition(&previous_stat, &st))
                         return log_unsafe_transition(fd, child, path, flags);