1. 11 Oct, 2018 1 commit
    • Sören Tempel's avatar
      abuild-rmtemp: Do not follow symbolic links · 17cb68e9
      Sören Tempel authored
      Symbolic links might point to files outside of the chroot and
      thus might delete files outside the chroot. This allows deletion
      of arbitrary directories on the host from a malicious APKBUILD.
      
      Following hard links shouldn't be a problem since hard links (usually)
      cannot refer to directories and since remove(3) removes the link, not
      the file it points to it shouldn't cause a problem.
      
      I noticed this because alpine-baselayout creates /var/run as a symlink
      to /run. Therefore causing /run to be deleted on the host when using
      abuild-rmtemp which in turn causes a bunch of software to no longer
      function properly (including OpenRC).
      17cb68e9
  2. 19 Sep, 2017 1 commit
  3. 27 Jun, 2017 1 commit