-
Notifications
You must be signed in to change notification settings - Fork 574
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
snap/container: gaurd against non-regular files and external symlinks…
… under /meta Non-regular meta files like desktop files, icons can cause harmful behavior without proper validation like: - Completely freezing snapd (opening named pipes without writers) - Giving root read-access to host files (external symlinks) This commit only validates file under /meta. * snap/container_test: add test suite for squashfs container implementation Container tests were only testing with SnapDir containers, this commit adds a squashfs test suite running the same tests to increase tests robustness and cover more edge cases. SnapDir: covers "snap pack" scenarios Squashfs: covers "snap install" scenarios * snap/container: fix isExternalSymlink implementation First bug was counting any .. encountered leading to counting files like a..b mistakenly (thanks @pedronis for catching this). Second bug was an off-by-one error were it was checking if the go-back-cnt is bigger than the path-depth and not bigger-than-or-equal. * snap/container_test: add unit tests for isExternalSymlink * snap/{snapdir,squashfs}: add unit tests for Readlink * snap/{snapdir,squashfs}: rename Readlink to ReadLink for consistency * snap/container_test: add a test case to TestIsExternalSymlink * snap/container: expose Lstat interface in snap.Container * snap/container: follow symlinks inside container and mimic review-tools checks * container: make meta symlink validation simpler and stricter * container: refactor {validate,eval}Symlink * snap/squashfs: fix/optimize relative Walks * snap/squashfs: refactor/optimize squashfs container Lstat * snap/container: validate meta symlinks target's mode * snap/container: add illustrative flowchart for container symlink evaluation logic * snap/container: always check symlink target mode (thanks @alexmurray) The previous implementation was only checking non-zero modes which could allow a file to mask its mode by symlinking to zero mode file. Signed-off-by: Zeyad Gouda <[email protected]>
- Loading branch information
1 parent
bee2baa
commit ddb4de5
Showing
9 changed files
with
796 additions
and
85 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.