oss-sec mailing list archives
Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb()
From: Simon McVittie <smcv () debian org>
Date: Mon, 2 Jul 2018 18:32:54 +0100
On Mon, 02 Jul 2018 at 16:10:24 +0200, Jakub Wilk wrote:
> Your patch uses g_file_get_path(), which AFAICT doesn't use any filesystem I/O for canonicalisation, so that should be fine.

It's specifically documented not to do any blocking I/O, and might provide
syntactic canonicalisation (the documentation doesn't specifically say
either way) but does not provide filesystem-aware canonicalisation.
The documentation also specifically says that the returned path "might
contain symlinks".

It might be a good idea to double-check that the result of
g_file_get_path() starts with "/", doesn't contain "/../" and (just for
completeness) doesn't end with "/..".
smcv
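
The double-check suggested in the message above, written out as an added example (not code from the thread or from accountsservice). The function name and the sample paths are hypothetical; it operates on the plain string that g_file_get_path() would return, so it needs no GLib, and it is purely syntactic: a symlink inside the path is not detected.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Syntactic check on a path string such as the one g_file_get_path()
 * returns. No filesystem I/O is done, so symlinks are NOT resolved. */
static bool
path_is_syntactically_safe (const char *path)
{
    size_t len;

    /* g_file_get_path() returns NULL when the GFile has no local path */
    if (path == NULL)
        return false;

    /* must start with "/" (absolute path) */
    if (path[0] != '/')
        return false;

    /* must not contain a ".." component in the middle */
    if (strstr (path, "/../") != NULL)
        return false;

    /* must not end with a ".." component */
    len = strlen (path);
    if (len >= 3 && strcmp (path + len - 3, "/..") == 0)
        return false;

    return true;
}

int
main (void)
{
    /* Constructed sample paths, not taken from the thread */
    static const char *samples[] = {
        "/home/alice/face.png",         /* accept */
        "relative/face.png",            /* reject: not absolute */
        "/home/alice/../bob/face.png",  /* reject: contains "/../" */
        "/home/alice/..",               /* reject: ends with "/.." */
        "/home/alice/..hidden.png",     /* accept: ".." is not a component */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf ("%-30s %s\n", samples[i],
                path_is_syntactically_safe (samples[i]) ? "accept" : "reject");
    return 0;
}
```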
