From a9f48db5f60188446c18b191ef25cd0a0bd833ee Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Fri, 31 Mar 2023 16:07:23 +0900
Subject: [PATCH] machine-id-setup: do not read host's machine ID when root directory is specified

If a root directory is specified, and e.g. /var under the root directory is a symlink to the host's /var, then we wrongly read host's machine ID, even if O_NOFOLLOW is set. Let's chase the path with CHASE_NOFOLLOW to refuse such case. Also, refuse null ID, otherwise we may setup machine ID with NULL.
---
 src/shared/machine-id-setup.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/src/shared/machine-id-setup.c b/src/shared/machine-id-setup.c
index 4b4309037b4..f27c3d768bf 100644
--- a/src/shared/machine-id-setup.c
+++ b/src/shared/machine-id-setup.c
@@ -8,6 +8,7 @@
 #include "sd-id128.h"
 #include "alloc-util.h"
+#include "chase.h"
 #include "fd-util.h"
 #include "id128-util.h"
 #include "io-util.h"
@@ -27,22 +28,16 @@
 #include "virt.h"
 static int generate_machine_id(const char *root, sd_id128_t *ret) {
- const char *dbus_machine_id;
 _cleanup_close_ int fd = -EBADF;
 int r;
 assert(ret);
 /* First, try reading the D-Bus machine id, unless it is a symlink */
- dbus_machine_id = prefix_roota(root, "/var/lib/dbus/machine-id");
- fd = open(dbus_machine_id, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
- if (fd >= 0) {
- if (id128_read_fd(fd, ID128_FORMAT_PLAIN, ret) >= 0) {
- log_info("Initializing machine ID from D-Bus machine ID.");
- return 0;
- }
-
- fd = safe_close(fd);
+ fd = chase_and_open("/var/lib/dbus/machine-id", root, CHASE_PREFIX_ROOT | CHASE_NOFOLLOW, O_RDONLY|O_CLOEXEC|O_NOCTTY, NULL);
+ if (fd >= 0 && id128_read_fd(fd, ID128_FORMAT_PLAIN | ID128_REFUSE_NULL, ret) >= 0) {
+ log_info("Initializing machine ID from D-Bus machine ID.");
+ return 0;
 }
 if (isempty(root) && running_in_chroot() <= 0) {
-- 
2.47.3
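Review bot: In the second hunk, a negative return from `chase_and_open()` and a failed `id128_read_fd()` are both dropped without any log line, so a D-Bus machine-id that is refused because it is a symlink or holds the null ID is indistinguishable from a file that simply does not exist. Since that refusal is the security-relevant outcome of this change, I would record it at debug level before falling through, e.g. `if (fd < 0 && fd != -ENOENT) log_debug_errno(fd, "Failed to open /var/lib/dbus/machine-id, ignoring: %m");`, and do the same for the read error. The comment above the call still says only "unless it is a symlink"; it should also state that the path is resolved below `root` and that a null ID is rejected. generate_machine_id() continues past the end of the hunk, so the later fallbacks are not visible here.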