From: Lennart Poettering
Date: Fri, 20 Jun 2025 11:59:04 +0000 (+0200)
Subject: bootctl: be more careful when opening arbitrary files from ESP
X-Git-Tag: v258-rc1~278^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=95df8288c7dff8a95b86d48787ad03ae9bd5f5ed;p=thirdparty%2Fsystemd.git

bootctl: be more careful when opening arbitrary files from ESP

Let's refuse all kind of weird stuff early. As suggested here: https://github.com/systemd/systemd/pull/30418#pullrequestreview-2128220792
---
diff --git a/src/bootctl/bootctl-install.c b/src/bootctl/bootctl-install.c
index 2099f42ae80..426a821168c 100644
--- a/src/bootctl/bootctl-install.c
+++ b/src/bootctl/bootctl-install.c
@@ -352,9 +352,9 @@ static int update_efi_boot_binaries(const char *esp_path, const char *source_pat
 if (!endswith_no_case(de->d_name, ".efi"))
 continue;
 
- fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC);
+ fd = xopenat_full(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, XO_REGULAR, /* mode= */ 0);
 if (fd < 0)
- return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
+ return log_error_errno(fd, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
 
 r = get_file_version(fd, &v);
 if (r == -ESRCH)
@@ -1105,9 +1105,9 @@ static int remove_boot_efi(const char *esp_path) {
 if (!endswith_no_case(de->d_name, ".efi"))
 continue;
 
- fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC);
+ fd = xopenat_full(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, XO_REGULAR, /* mode= */ 0);
 if (fd < 0)
- return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
+ return log_error_errno(fd, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
 
 r = get_file_version(fd, &v);
 if (r == -ESRCH)
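Review bot: The new `xopenat_full()` call in update_efi_boot_binaries() adds three open flags plus `XO_REGULAR` with no comment saying what each one defends against, and the identical call is repeated in remove_boot_efi() in the second hunk. A comment above each call would keep the intent from being lost in later edits, e.g. `/* ESP content is untrusted: refuse symlinks (O_NOFOLLOW) and anything that is not a regular file (XO_REGULAR); never block on, or acquire a controlling tty from, a stray node (O_NONBLOCK|O_NOCTTY) */`. A refused entry also still takes the `return log_error_errno(fd, ...)` path, so a single symlink or special file whose name ends in `.efi` now makes the function return with the generic "Failed to open … for reading" message (presumably ELOOP in the symlink case). If failing closed on such an entry is intended, say so in that comment; otherwise logging the refusal and `continue` may be the better fit. Both function bodies start and end outside the hunks, so the surrounding loop and cleanup are not visible here.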