oss-sec mailing list archives
Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb()
From: Simon McVittie <smcv () debian org>
Date: Mon, 2 Jul 2018 18:32:54 +0100
On Mon, 02 Jul 2018 at 16:10:24 +0200, Jakub Wilk wrote:
You patch uses g_file_get_path(), which AFIACT doesn't use any filesystem I/O for canonicalisation, so that should be fine.
It's specifically documented not to do any blocking I/O, and might provide syntactic canonicalisation (the documentation doesn't specifically say either way) but does not provide filesystem-aware canonicalisation. The documentation also specifically says that the returned path "might contain symlinks". It might be a good idea to double-check that the result of g_file_get_path() starts with "/", doesn't contain "/../" and (just for completeness) doesn't end with "/..". smcv
Current thread:
- accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Simon McVittie (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 03)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk (Jul 02)