From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 30 May 2018 16:21:58 +0000 (+0200)
Subject: smack: make mac_smack_fix() deal somewhat sensible with non-absolute paths
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=aa15ecac3f6b7d995748fd668c39cf1c8c63e476;p=elogind.git

smack: make mac_smack_fix() deal somewhat sensible with non-absolute paths

This tries to improve the mac_smack_fix() logic a bit, by properly
handling non-absolute paths.

It's still pretty broken though, which is sad for security technology:
non-normalized paths (for example "/usr/../dev/sda") will still not be
treated correctly. I am not sure how to fix that properly though, and I
don't understand SMACK well enough to do so. This fix hence just fixes
to most obvious glaring issue.
---

diff --git a/src/basic/smack-util.c b/src/basic/smack-util.c
index d292b6afb..491b421ab 100644
--- a/src/basic/smack-util.c
+++ b/src/basic/smack-util.c
@@ -138,9 +138,22 @@ int mac_smack_fix(const char *path, LabelFixFlags flags) {
         if (!mac_smack_use())
                 return 0;
 
-        /* Path must be in /dev */
-        if (!path_startswith(path, "/dev"))
-                return 0;
+        /* Path must be in /dev. Note that this check is pretty sloppy, as we might be called with non-normalized paths
+         * and hence not detect all cases of /dev. */
+
+        if (path_is_absolute(path)) {
+                if (!path_startswith(path, "/dev"))
+                        return 0;
+        } else {
+                _cleanup_free_ char *cwd = NULL;
+
+                r = safe_getcwd(&cwd);
+                if (r < 0)
+                        return r;
+
+                if (!path_startswith(cwd, "/dev"))
+                        return 0;
+        }
 
         fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH);
         if (fd < 0) {