Prevent path traversal outside of $airootfs_dir

nl6720 2020-11-30 09:19:05 +02:00
parent 42d9e4f983
commit 183ae52792
No known key found for this signature in database
GPG Key ID: 5CE88535E188D369


@ -268,11 +268,15 @@ _make_custom_airootfs() {
# Set ownership and mode for files and directories # Set ownership and mode for files and directories
for filename in "${!file_permissions[@]}"; do for filename in "${!file_permissions[@]}"; do
IFS=':' read -ra permissions <<< "${file_permissions["${filename}"]}" IFS=':' read -ra permissions <<< "${file_permissions["${filename}"]}"
if [[ -e "${airootfs_dir}${filename}" ]]; then # Prevent file path traversal outside of $airootfs_dir
chown -fh -- "${permissions[0]}:${permissions[1]}" "${airootfs_dir}${filename}" if [[ "$(realpath -q -- "${airootfs_dir}${filename}")" != "${airootfs_dir}"* ]]; then
chmod -f -- "${permissions[2]}" "${airootfs_dir}${filename}" _msg_error "Failed to set permissions on '${airootfs_dir}${filename}'. Outside of valid path." 1
else # Warn if the file does not exist
elif [[ ! -e "${airootfs_dir}${filename}" ]]; then
_msg_warning "Cannot change permissions of '${airootfs_dir}${filename}'. The file or directory does not exist." _msg_warning "Cannot change permissions of '${airootfs_dir}${filename}'. The file or directory does not exist."
else
echo chown -fh -- "${permissions[0]}:${permissions[1]}" "${airootfs_dir}${filename}"
echo chmod -f -- "${permissions[2]}" "${airootfs_dir}${filename}"
fi fi
done done
_msg_info "Done!" _msg_info "Done!"
@ -309,15 +313,22 @@ _make_customize_airootfs() {
if [[ -e "${profile}/airootfs/etc/passwd" ]]; then if [[ -e "${profile}/airootfs/etc/passwd" ]]; then
_msg_info "Copying /etc/skel/* to user homes..." _msg_info "Copying /etc/skel/* to user homes..."
while IFS=':' read -a passwd -r; do while IFS=':' read -a passwd -r; do
# Only operate on UIDs in range 100059999
(( passwd[2] >= 1000 && passwd[2] < 60000 )) || continue (( passwd[2] >= 1000 && passwd[2] < 60000 )) || continue
# Skip invalid home directories
[[ "${passwd[5]}" == '/' ]] && continue [[ "${passwd[5]}" == '/' ]] && continue
[[ -z "${passwd[5]}" ]] && continue [[ -z "${passwd[5]}" ]] && continue
if [[ ! -d "${airootfs_dir}${passwd[5]}" ]]; then # Prevent path traversal outside of $airootfs_dir
install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${airootfs_dir}${passwd[5]}" if [[ "$(realpath -q -- "${airootfs_dir}${passwd[5]}")" == "${airootfs_dir}"* ]]; then
if [[ ! -d "${airootfs_dir}${passwd[5]}" ]]; then
install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${airootfs_dir}${passwd[5]}"
fi
cp -dnRT --preserve=mode,timestamps,links -- "${airootfs_dir}/etc/skel/." "${airootfs_dir}${passwd[5]}"
chmod -f 0750 -- "${airootfs_dir}${passwd[5]}"
chown -hR -- "${passwd[2]}:${passwd[3]}" "${airootfs_dir}${passwd[5]}"
else
_msg_error "Failed to set permissions on '${airootfs_dir}${passwd[5]}'. Outside of valid path." 1
fi fi
cp -dnRT --preserve=mode,timestamps,links -- "${airootfs_dir}/etc/skel/." "${airootfs_dir}${passwd[5]}"
chmod -f 0750 -- "${airootfs_dir}${passwd[5]}"
chown -hR -- "${passwd[2]}:${passwd[3]}" "${airootfs_dir}${passwd[5]}"
done < "${profile}/airootfs/etc/passwd" done < "${profile}/airootfs/etc/passwd"
_msg_info "Done!" _msg_info "Done!"
fi fi
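Review bot: In the final `else` branch of the first hunk the new code runs `echo chown -fh -- …` and `echo chmod -f -- …`, so for a path that passes the containment check the commands are only printed and the ownership and mode from `file_permissions` are never applied. This looks like a debugging leftover; both lines should drop the leading `echo`, e.g. `chown -fh -- "${permissions[0]}:${permissions[1]}" "${airootfs_dir}${filename}"`. Separately, the containment test in both hunks is a bare string-prefix match against `"${airootfs_dir}"*`, which a resolved path in a sibling directory whose name merely begins with the same string would also satisfy, and which assumes `airootfs_dir` is itself already canonical. Accepting only equality with `${airootfs_dir}` or a match on `"${airootfs_dir}/"*` would tighten it. Both function bodies start and end outside the visible hunks, so whether `airootfs_dir` is canonicalized earlier cannot be confirmed from here.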