packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update libgsystem, use it to set dirfd-relative xattrs on symlinks 

This is a bit more efficient in that we're not walking full paths, and
it helps avoid security/reliability issues if an attacker (or just a
misbehaving process) has the ability to mutate paths in the middle.
This commit is contained in:
Colin Walters 2014-02-26 16:34:37 -05:00
parent 0eb8c37ecb
commit 683a719b7e
3 changed files with 7 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libgsystem

@ -1 +1 @@
Subproject commit 8bf85b5db308846f4c55984ff73b8ee515b9b1d0 Subproject commit 31cd0b96bba5ccf391f4c4f5d94cddce44c65793

9
src/libostree/ostree-repo-checkout.c
View File

@ -190,11 +190,10 @@ checkout_file_from_input_at (OstreeRepoCheckoutMode mode,
goto out; goto out;
} }
/* Fall back to filename based setting here due to lack of lsetxattrat */
if (xattrs) if (xattrs)
{ {
gs_unref_object GFile *path = g_file_get_child (destination_parent, destination_name); if (!gs_dfd_and_name_set_all_xattrs (destination_dfd, destination_name,
if (!gs_file_set_all_xattrs (path, xattrs, cancellable, error)) xattrs, cancellable, error))
goto out; goto out;
} }
} }
@ -260,8 +259,8 @@ checkout_file_unioning_from_input_at (OstreeRepoCheckoutMode mode,
if (xattrs) if (xattrs)
{ {
gs_unref_object GFile *temp_path = g_file_get_child (destination_parent, temp_filename); if (!gs_dfd_and_name_set_all_xattrs (destination_dfd, destination_name,
if (!gs_file_set_all_xattrs (temp_path, xattrs, cancellable, error)) xattrs, cancellable, error))
goto out; goto out;
} }
} }

6
src/libostree/ostree-repo-commit.c
View File

@ -87,12 +87,10 @@ commit_loose_object_trusted (OstreeRepo *self,
goto out; goto out;
} }
/* Sadly we can't use at-relative API for symlink xattrs
* because there's no lsetxattrat.
*/
if (xattrs != NULL) if (xattrs != NULL)
{ {
if (!gs_file_set_all_xattrs (temp_file, xattrs, cancellable, error)) if (!gs_dfd_and_name_set_all_xattrs (self->tmp_dir_fd, temp_filename,
xattrs, cancellable, error))
goto out; goto out;
} }
} }