From: Lennart Poettering
Date: Mon, 5 Feb 2024 16:10:40 +0000 (+0100)
Subject: nspawn: also refuse paths below API VFS in nspawn's --chdir= field
X-Git-Tag: v256-rc1~961^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f94025a13681e001011dd52e0dcecc143b4501b9;p=thirdparty%2Fsystemd.git
nspawn: also refuse paths below API VFS in nspawn's --chdir= field
---
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index c0ec076b246..957bc582176 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1368,17 +1368,27 @@ static int parse_argv(int argc, char *argv[]) { break; - case ARG_CHDIR: + case ARG_CHDIR: { + _cleanup_free_ char *wd = NULL; + if (!path_is_absolute(optarg)) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Working directory %s is not an absolute path.", optarg); - r = free_and_strdup(&arg_chdir, optarg); + r = path_simplify_alloc(optarg, &wd); if (r < 0) - return log_oom(); + return log_error_errno(r, "Failed to simplify path %s: %m", optarg); + + if (!path_is_normalized(wd)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Working dirctory path is not normalized: %s", wd); + if (path_below_api_vfs(wd)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Working directory is below API VFS, refusing: %s", wd); + + free_and_replace(arg_chdir, wd); arg_settings_mask |= SETTING_WORKING_DIRECTORY; break; + } case ARG_PIVOT_ROOT: r = pivot_root_parse(&arg_pivot_root_new, &arg_pivot_root_old, optarg);
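Review bot: The new message in the `path_is_normalized(wd)` branch misspells "directory" (`"Working dirctory path is not normalized: %s"`), so it will not match a log search for the other "Working directory ..." errors; it should read `"Working directory path is not normalized: %s"`. The checks added on `wd` appear to work on the path string only, so a symlink inside the container tree that resolves into /proc, /sys or /dev would presumably not be caught at parse time. A short comment above `path_below_api_vfs(wd)`, such as `/* Lexical check only; symlinks are not resolved at parse time */`, would keep readers from treating the refusal as a complete guarantee. `parse_argv()` begins and ends outside the hunk, so whether the settings-file counterpart of this option gets the same validation cannot be confirmed from here.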