oss-sec mailing list archives
Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb()
From: Jakub Wilk <jwilk () jwilk net>
Date: Mon, 2 Jul 2018 16:10:24 +0200
* Matthias Gerstner <mgerstner () suse de>, 2018-07-02, 14:21:
I think the easiest way to fix this is to normalize the user supplied filename e.g. using realpath()
Using realpath(3) for access control is almost always a mistake: this function expands symlinks, including attacker-controlled symlinks.
You patch uses g_file_get_path(), which AFIACT doesn't use any filesystem I/O for canonicalisation, so that should be fine.
-- Jakub Wilk
Current thread:
- accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Simon McVittie (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 03)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk (Jul 02)