oss-sec mailing list archives
Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb()
From: Matthias Gerstner <mgerstner () suse de>
Date: Mon, 2 Jul 2018 16:38:01 +0200
Hi,
I think the easiest way to fix this is to normalize the user supplied filename e.g. using realpath()Using realpath(3) for access control is almost always a mistake: this function expands symlinks, including attacker-controlled symlinks.
can you elaborate what your main worry of using realpath is in this context? It surely is better not to expand attacker controlled symlinks or perform and system calls if it is not necessary. But I fail to see the security issue of just calling realpath(3) on an attacker controlled path. Regards Matthias
Attachment:
signature.asc
Description:
Current thread:
- accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Simon McVittie (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 03)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk (Jul 02)