Bug 1335329 - Improve handling of mkdir() on preexisting directories in Linux sandbox file broker. r=gcp

If the path given doesn't have write+create permissions in the broker
policy, but does have MAY_ACCESS (i.e., if checking for its existence
with lstat() or access() would be allowed), then check for its existence
and fail with EEXIST the way the real mkdir() would.

Note that mkdir() fails with EEXIST even if the existing file isn't a
directory, including if it's a broken symlink.

MozReview-Commit-ID: 13Cwnq1nRrw

--HG--
extra : rebase_source : c37caa091583fa85a0a72ed62fa9f12a3523e8f4
This commit is contained in:
Jed Davis 2017-02-02 11:56:21 -07:00
parent 75ddc332a5
commit 467786d86a
2 changed files with 12 additions and 1 deletions

View File

@ -673,7 +673,14 @@ SandboxBroker::ThreadMain(void)
resp.mError = -errno;
}
} else {
AuditDenial(req.mOp, req.mFlags, perms, pathBuf);
struct stat sb;
// This doesn't need an additional policy check because
// MAY_ACCESS is required to even enter this switch statement.
if (lstat(pathBuf, &sb) == 0) {
resp.mError = -EEXIST;
} else {
AuditDenial(req.mOp, req.mFlags, perms, pathBuf);
}
}
break;
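Review bot: the `else` branch after `lstat(pathBuf, &sb)` treats every lstat failure as "does not exist" and falls through to `AuditDenial`, but lstat can also fail with ENOTDIR (a path component is not a directory), ELOOP or EACCES, cases where the real mkdir() would not report a plain permission denial either. Consider checking `errno` after the failed lstat, so that only ENOENT takes the denial path and other errors are reflected back (e.g. `resp.mError = -errno;`), which keeps the emulation closer to the kernel semantics the commit message is aiming for. The comment that MAY_ACCESS is required to reach this switch is not verifiable from the lines in this hunk, so it is worth double-checking that no other op can enter here without that permission, since the lstat here discloses existence of the path.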

View File

@ -321,6 +321,10 @@ TEST_F(SandboxBrokerTest, Mkdir)
EXPECT_EQ(-EACCES, Mkdir("/tmp/nope", 0600))
<< "Creating dir without MAY_CREATE succeed.";
EXPECT_EQ(0, rmdir("/tmp/blublu"));
EXPECT_EQ(-EEXIST, Mkdir("/proc/self", 0600))
<< "Creating uncreatable dir that already exists didn't fail correctly.";
EXPECT_EQ(-EEXIST, Mkdir("/dev/zero", 0600))
<< "Creating uncreatable dir over preexisting file didn't fail correctly.";
PrePostTestCleanup();
}
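Review bot: the commit message calls out the broken-symlink case (mkdir() over a dangling symlink must fail with EEXIST), but neither new expectation covers it; a dangling symlink created under /tmp during the test, with an `EXPECT_EQ(-EEXIST, Mkdir(<that path>, 0600))`, would exercise the lstat-not-stat choice directly. The two new checks also depend on `/proc/self` and `/dev/zero` existing on the test host and on the test policy granting MAY_ACCESS but not MAY_CREATE for those paths, which is not visible in this hunk; a short comment naming that policy assumption would help the next person who sees these fail in a minimal container.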