• Sören Tempel's avatar
    abuild-rmtemp: Do not follow symbolic links · 17cb68e9
    Sören Tempel authored
    Symbolic links might point to files outside of the chroot and
    thus might delete files outside the chroot. This allows deletion
    of arbitrary directories on the host from a malicious APKBUILD.
    
    Following hard links shouldn't be a problem since hard links (usually)
    cannot refer to directories and since remove(3) removes the link, not
    the file it points to it shouldn't cause a problem.
    
    I noticed this because alpine-baselayout creates /var/run as a symlink
    to /run. Therefore causing /run to be deleted on the host when using
    abuild-rmtemp which in turn causes a bunch of software to no longer
    function properly (including OpenRC).
    17cb68e9
Name
Last commit
Last update
.devbuildrc Loading commit data...
.editorconfig Loading commit data...
.gitignore Loading commit data...
APKBUILD.5 Loading commit data...
Makefile Loading commit data...
abuild-fetch.c Loading commit data...
abuild-gzsplit.c Loading commit data...
abuild-keygen.in Loading commit data...
abuild-rmtemp.c Loading commit data...
abuild-sign.in Loading commit data...
abuild-sudo.c Loading commit data...
abuild-tar.c Loading commit data...
abuild.conf Loading commit data...
abuild.in Loading commit data...
abump.in Loading commit data...
apkbuild-cpan.in Loading commit data...
apkbuild-gem-resolver.in Loading commit data...
apkbuild-pypi.in Loading commit data...
apkgrel.in Loading commit data...
bootchartd Loading commit data...
buildlab.in Loading commit data...
checkapk.in Loading commit data...
config.guess Loading commit data...
config.sub Loading commit data...
functions.sh.in Loading commit data...
newapkbuild.1 Loading commit data...
newapkbuild.in Loading commit data...
sample.APKBUILD Loading commit data...
sample.confd Loading commit data...
sample.initd Loading commit data...
sample.post-install Loading commit data...
sample.pre-install Loading commit data...