From 992f87e192673d74cbdc4a50c27b8169401c6720 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 16 Jul 2010 02:56:40 +0200 Subject: install: refuse installation of symlinked units --- src/install.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/src/install.c b/src/install.c index 6fc2a9fbcd..bd23a938f3 100644 --- a/src/install.c +++ b/src/install.c @@ -24,6 +24,7 @@ #include #include #include +#include #include "log.h" #include "path-lookup.h" @@ -722,22 +723,32 @@ static int install_info_apply(LookupPaths *paths, InstallInfo *i, const char *co assert(i); STRV_FOREACH(p, paths->unit_path) { + int fd; if (!(filename = path_make_absolute(i->name, *p))) { log_error("Out of memory"); return -ENOMEM; } - if ((f = fopen(filename, "re"))) - break; + /* Ensure that we don't follow symlinks */ + if ((fd = open(filename, O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NOCTTY)) >= 0) + if ((f = fdopen(fd, "re"))) + break; - free(filename); - filename = NULL; + if (errno == ELOOP) { + log_error("Refusing to operate on symlinks, please pass unit names or absolute paths to unit files."); + free(filename); + return -errno; + } if (errno != ENOENT) { log_error("Failed to open %s: %m", filename); + free(filename); return -errno; } + + free(filename); + filename = NULL; } if (!f) { @@ -810,7 +821,7 @@ static int do_realize(bool enabled) { } if (arg_where == WHERE_SYSTEM && sd_booted() <= 0) { - log_info("systemd is not running, --realize has not effect."); + log_info("systemd is not running, --realize has no effect."); return 0; } -- cgit v1.2.3-54-g00ecf