dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

chrootenv: resolve potential race condition

Browse Source
This commit is contained in:
Yegor Timoshenko 2017-12-28 00:24:03 +00:00
parent 7798051817
commit 25b35f4ffb
No known key found for this signature in database
GPG Key ID: C34BF9DCC9DF8210
1 changed files with 8 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
pkgs/build-support/build-fhs-userenv/chrootenv.c
View File

@ -124,16 +124,6 @@ int nftw_remove(const char *path, const struct stat *sb, int type,
return remove(path); return remove(path);
} }
char *root;
void root_cleanup() {
if (nftw(root, nftw_remove, getdtablesize(),
FTW_DEPTH | FTW_MOUNT | FTW_PHYS) < 0)
errorf(EX_IOERR, "nftw(%s)", root);
free(root);
}
#define REQUIREMENTS \ #define REQUIREMENTS \
"Requires Linux version >= 3.19 built with CONFIG_USER_NS option.\n" "Requires Linux version >= 3.19 built with CONFIG_USER_NS option.\n"
@ -158,6 +148,8 @@ int main(int argc, char *argv[]) {
if (temp == NULL) if (temp == NULL)
temp = "/tmp"; temp = "/tmp";
char *root;
if (asprintf(&root, "%s/chrootenvXXXXXX", temp) < 0) if (asprintf(&root, "%s/chrootenvXXXXXX", temp) < 0)
errorf(EX_IOERR, "asprintf"); errorf(EX_IOERR, "asprintf");
@ -166,8 +158,6 @@ int main(int argc, char *argv[]) {
if (root == NULL) if (root == NULL)
errorf(EX_IOERR, "mkdtemp(%s)", root); errorf(EX_IOERR, "mkdtemp(%s)", root);
atexit(root_cleanup);
// Don't make root private so that privilege drops inside chroot are possible: // Don't make root private so that privilege drops inside chroot are possible:
if (chmod(root, 0755) < 0) if (chmod(root, 0755) < 0)
errorf(EX_IOERR, "chmod(%s, 0755)", root); errorf(EX_IOERR, "chmod(%s, 0755)", root);
@ -232,6 +222,12 @@ int main(int argc, char *argv[]) {
if (waitpid(cpid, &status, 0) < 0) if (waitpid(cpid, &status, 0) < 0)
errorf(EX_OSERR, "waitpid(%d)", cpid); errorf(EX_OSERR, "waitpid(%d)", cpid);
if (nftw(root, nftw_remove, getdtablesize(),
FTW_DEPTH | FTW_MOUNT | FTW_PHYS) < 0)
errorf(EX_IOERR, "nftw(%s)", root);
free(root);
if (WIFEXITED(status)) { if (WIFEXITED(status)) {
return WEXITSTATUS(status); return WEXITSTATUS(status);
} else if (WIFSIGNALED(status)) { } else if (WIFSIGNALED(status)) {