tmpfiles: ensure we do no follow symlinks when cleaning up dirs

Patch suggested by Miloslav Trmac.
2024-10-28 11:55:44 +03:00 · 2010-12-28 14:20:21 +01:00 · 2010-12-28 14:20:21 +01:00 · a247755d52
commit a247755d52
parent 5b8191986c
3 changed files with 4 additions and 4 deletions
--- a/src/tmpfiles.c
+++ b/src/tmpfiles.c
@ -149,7 +149,7 @@ static int dir_cleanup(
                                DIR *sub_dir;
                                int q;

-                                sub_dir = xopendirat(dirfd(d), dent->d_name);
+                                sub_dir = xopendirat(dirfd(d), dent->d_name, O_NOFOLLOW);
                                if (sub_dir == NULL) {
                                        if (errno != ENOENT) {
                                                log_error("opendir(%s/%s) failed: %m", p, dent->d_name);
--- a/src/util.c
+++ b/src/util.c
@ -3402,8 +3402,8 @@ bool null_or_empty(struct stat *st) {
        return false;
 }

-DIR *xopendirat(int fd, const char *name) {
-        return fdopendir(openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC));
+DIR *xopendirat(int fd, const char *name, int flags) {
+        return fdopendir(openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags));
 }

 int signal_from_string_try_harder(const char *s) {
--- a/src/util.h
+++ b/src/util.h
@ -363,7 +363,7 @@ _noreturn_ void freeze(void);

 bool null_or_empty(struct stat *st);

-DIR *xopendirat(int dirfd, const char *name);
+DIR *xopendirat(int dirfd, const char *name, int flags);

 void dual_timestamp_serialize(FILE *f, const char *name, dual_timestamp *t);
 void dual_timestamp_deserialize(const char *value, dual_timestamp *t);