From d84401767785a8380700d5d9c805c36f5fc63980 Mon Sep 17 00:00:00 2001
From: Richard Maw
Date: Tue, 4 Aug 2015 08:55:04 +0000
Subject: machined: Relax path checks for Copy{From,To}

Absolute paths should be sufficient to prevent funny business, and while path_is_safe() checks this, it also checks whether the path contains . or .. components, which while odd, aren't a security risk.
---
 src/machine/machine-dbus.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
index dc42ffdc52..7658d7146d 100644
--- a/src/machine/machine-dbus.c
+++ b/src/machine/machine-dbus.c
@@ -825,13 +825,13 @@ int bus_machine_method_copy(sd_bus_message *message, void *userdata, sd_bus_erro
 if (r < 0)
 return r;
 
- if (!path_is_absolute(src) || !path_is_safe(src))
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute and not contain ../.");
+ if (!path_is_absolute(src))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute.");
 
 if (isempty(dest))
 dest = src;
- else if (!path_is_absolute(dest) || !path_is_safe(dest))
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute and not contain ../.");
+ else if (!path_is_absolute(dest))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute.");
 
 r = bus_verify_polkit_async(
 message,
-- 
cgit v1.2.3-54-g00ecf

From 1fe6fa167902199b6d0190697368bb1e80aeb465 Mon Sep 17 00:00:00 2001
From: Richard Maw
Date: Fri, 31 Jul 2015 15:24:09 +0000
Subject: machinectl: support relative host paths in copy-{from,to}

---
 src/machine/machinectl.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c
index 7cb6ce77ac..66ed41087c 100644
--- a/src/machine/machinectl.c
+++ b/src/machine/machinectl.c
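Review bot: In the machine-dbus.c hunk of bus_machine_method_copy(), `src` and `dest` are now accepted with `.` and `..` components, and nothing in the code records why that is safe. The commit message's argument depends on how the paths are consumed further down the function, which lies outside this hunk. It holds if each path is only handed to the kernel for resolution under its own root (host or container). It would not hold for string-level handling such as splitting into directory and file name or comparing prefixes, where a trailing `..` changes meaning. I would state the assumption next to the check, e.g. `/* "." and ".." are permitted: both paths are resolved by the kernel inside their own root, never interpreted as strings */`, and confirm that no later code relied on anything else path_is_safe() may have enforced.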
@@ -1073,6 +1073,8 @@ static int terminate_machine(int argc, char *argv[], void *userdata) {
 
 static int copy_files(int argc, char *argv[], void *userdata) {
 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
+ _cleanup_free_ char *abs_host_path = NULL;
+ char *dest, *host_path, *container_path;
 sd_bus *bus = userdata;
 bool copy_from;
 int r;
@@ -1082,6 +1084,16 @@ static int copy_files(int argc, char *argv[], void *userdata) {
 polkit_agent_open_if_enabled();
 
 copy_from = streq(argv[0], "copy-from");
+ dest = argv[3] ?: argv[2];
+ host_path = copy_from ? dest : argv[2];
+ container_path = copy_from ? argv[2] : dest;
+
+ if (!path_is_absolute(host_path)) {
+ abs_host_path = path_make_absolute_cwd(host_path);
+ if (!abs_host_path)
+ return log_oom();
+ host_path = abs_host_path;
+ }
 
 r = sd_bus_call_method(
 bus,
@@ -1093,8 +1105,8 @@ static int copy_files(int argc, char *argv[], void *userdata) {
 NULL,
 "sss",
 argv[1],
- argv[2],
- argv[3]);
+ copy_from ? container_path : host_path,
+ copy_from ? host_path : container_path);
 if (r < 0) {
 log_error("Failed to copy: %s", bus_error_message(&error, -r));
 return r;
-- 
cgit v1.2.3-54-g00ecf
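Review bot: In the second hunk of copy_files(), `copy-to` with a relative source and no destination sends a relative container path. `dest` falls back to `argv[2]`, so `container_path` keeps the relative string while only `host_path` is made absolute, and the daemon-side check in bus_machine_method_copy() will reject it with "Destination path must be absolute." for a destination the user never typed. Taking the default after the absolutising step would keep the old "same path on both sides" behaviour, e.g. `if (!copy_from && !argv[3]) container_path = host_path;` placed after the `if (!path_is_absolute(host_path))` block. Separately, a NULL from `path_make_absolute_cwd()` is reported via `log_oom()`; if that helper can also fail because the current directory cannot be determined (its definition is not visible here), the message would mislead. The function starts before this hunk and continues past the last one.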