oss-sec mailing list archives

Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb()

From: Matthias Gerstner <mgerstner () suse de>
Date: Mon, 2 Jul 2018 16:38:01 +0200

Hi,

I think the easiest way to fix this is to normalize the user supplied 
filename e.g. using realpath()


Using realpath(3) for access control is almost always a mistake: this 
function expands symlinks, including attacker-controlled symlinks.


can you elaborate what your main worry of using realpath is in this
context?

It surely is better not to expand attacker controlled symlinks or
perform and system calls if it is not necessary. But I fail to see the
security issue of just calling realpath(3) on an attacker controlled
path.

Regards

Matthias

Attachment: signature.asc
Description:

Current thread:

accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk (Jul 02)
  - Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 02)
    - Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk (Jul 20)
  - Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Simon McVittie (Jul 02)
    - Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 03)