summaryrefslogtreecommitdiff
path: root/src/machine
diff options
context:
space:
mode:
authorRichard Maw <richard.maw@codethink.co.uk>2015-08-04 08:55:04 +0000
committerRichard Maw <richard.maw@codethink.co.uk>2015-08-04 09:11:23 +0000
commitd84401767785a8380700d5d9c805c36f5fc63980 (patch)
tree6d05341c99246bd7cce53dcac206f0c6779fb636 /src/machine
parent58a2e9acd8216f55b004e5432f76a851f7b233c0 (diff)
machined: Relax path checks for Copy{From,To}
Absolute paths should be sufficient to prevent funny business, and while path_is_safe() checks this, it also checks whether the path contains . or .. components, which while odd, aren't a security risk.
Diffstat (limited to 'src/machine')
-rw-r--r--src/machine/machine-dbus.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
index dc42ffdc52..7658d7146d 100644
--- a/src/machine/machine-dbus.c
+++ b/src/machine/machine-dbus.c
@@ -825,13 +825,13 @@ int bus_machine_method_copy(sd_bus_message *message, void *userdata, sd_bus_erro
if (r < 0)
return r;
- if (!path_is_absolute(src) || !path_is_safe(src))
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute and not contain ../.");
+ if (!path_is_absolute(src))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute.");
if (isempty(dest))
dest = src;
- else if (!path_is_absolute(dest) || !path_is_safe(dest))
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute and not contain ../.");
+ else if (!path_is_absolute(dest))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute.");
r = bus_verify_polkit_async(
message,