[PATCH 1/2] erofs-utils: fsck: never follow exist symlinks when overwriting
Gao Xiang
hsiangkao at linux.alibaba.com
Wed Jan 26 14:37:25 AEDT 2022
Otherwise, we could face potential security issues.
Fixes: 412c8f908132 ("erofs-utils: fsck: add --extract=X support to extract to path X")
Signed-off-by: Gao Xiang <hsiangkao at linux.alibaba.com>
---
fsck/main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fsck/main.c b/fsck/main.c
index 14534b9..f2af609 100644
--- a/fsck/main.c
+++ b/fsck/main.c
@@ -496,8 +496,8 @@ static inline int erofs_extract_file(struct erofs_inode *inode)
again:
fd = open(fsckcfg.extract_path,
- O_WRONLY | O_CREAT | (fsckcfg.overwrite ? O_TRUNC : O_EXCL),
- 0700);
+ O_WRONLY | O_CREAT | O_NOFOLLOW |
+ (fsckcfg.overwrite ? O_TRUNC : O_EXCL), 0700);
if (fd < 0) {
if (fsckcfg.overwrite && tryagain) {
if (errno == EISDIR) {
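Review bot: With O_NOFOLLOW added to the open() flags, an existing symlink at fsckcfg.extract_path now makes open() fail with ELOOP, yet the retry branch visible right after the call only tests `errno == EISDIR`. If overwrite mode is meant to replace such a symlink rather than abort extraction, handle ELOOP in the same `fsckcfg.overwrite && tryagain` block (remove the link, then `goto again`); if aborting is the intended behaviour, state that in the commit message, which currently says only "potential security issues". O_NOFOLLOW also applies only to the final path component, so symlinks in the parent directories of extract_path are still resolved; a short comment above the open() call recording that limit would help later readers.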
--
2.24.4