From c2d343b920d22d980127ff083991d2f8ffdc591c Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 20 Jun 2025 13:59:04 +0200 Subject: [PATCH] bootctl: be more careful when opening arbitrary files from ESP Let's refuse all kind of weird stuff early. As suggested here: https://github.com/systemd/systemd/pull/30418#pullrequestreview-2128220792 (cherry picked from commit 95df8288c7dff8a95b86d48787ad03ae9bd5f5ed) (cherry picked from commit 5b68d2a003b4708b113087261dcb3f4604dfc9f0)
---
src/boot/bootctl-install.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/boot/bootctl-install.c b/src/boot/bootctl-install.c
index 44fc816a4c0..4cff2a9c087 100644
--- a/src/boot/bootctl-install.c
+++ b/src/boot/bootctl-install.c
@@ -337,9 +337,9 @@ static int update_efi_boot_binaries(const char *esp_path, const char *source_pat
 if (!endswith_no_case(de->d_name, ".efi"))
 continue;
- fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC);
+ fd = xopenat_full(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, /* xopen_flags= */ 0, /* mode= */ 0);
 if (fd < 0)
- return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
+ return log_error_errno(fd, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
 r = get_file_version(fd, &v);
 if (r == -ESRCH)
@@ -889,9 +889,9 @@ static int remove_boot_efi(const char *esp_path) {
 if (!endswith_no_case(de->d_name, ".efi"))
 continue;
- fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC);
+ fd = xopenat_full(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, /* xopen_flags= */ 0, /* mode= */ 0);
 if (fd < 0)
- return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
+ return log_error_errno(fd, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
 r = get_file_version(fd, &v);
 if (r == -ESRCH)
-- 2.47.3
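Review bot: Nothing in the new `xopenat_full()` call restricts the inode type, in either hunk (update_efi_boot_binaries() and remove_boot_efi()): with `/* xopen_flags= */ 0`, a directory or a device node whose name ends in `.efi` still opens successfully and its fd is handed to `get_file_version()`. The added flags only refuse a symlink in the final component and keep the open from blocking or acquiring a controlling terminal. Whether `get_file_version()` verifies the type itself is not visible in this patch; if it does not, consider passing `XO_REGULAR` as xopen_flags where this branch's `xopenat_full()` provides it, or adding an `fstat()` plus `S_ISREG()` check directly after the open. A symlinked entry now also fails the open and, through the existing `return log_error_errno(fd, ...)`, ends the whole directory scan instead of being skipped, so a short comment such as `/* refuse symlinks and other odd inodes outright rather than skipping them */` would record that this is intended. Both function bodies start and end outside the hunks.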