author | Olivier Blin <blino@mageia.org> | 2010-11-01 23:05:12 +0000 |
---|---|---|
committer | Olivier Blin <blino@mageia.org> | 2010-11-01 23:05:12 +0000 |
commit | 363b9c4f4d4a142433bc9d66ab51df173bf48ae9 (patch) | |
tree | 4e62a5f80894738bbb6e4d3421cbb4849852aa02 /iurt_root_command | |
parent | 55b6e739ab689e89b32a8ae43cc558ed835d8afd (diff) | |
check authorization for canonicalized path
Diffstat (limited to 'iurt_root_command')
-rwxr-xr-x | iurt_root_command | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/iurt_root_command b/iurt_root_command
index 6f07e7d..05b6cdc 100755
--- a/iurt_root_command
+++ b/iurt_root_command
@@ -28,6 +28,7 @@ use Mkcd::Commandline qw(parseCommandLine usage);
 use MDK::Common;
 use File::NCopy qw(copy);
 use Iurt::Util qw(plog_init plog);
+use Cwd 'realpath';
 my $arg = @ARGV;
 my (@params, %run);
@@ -319,7 +320,10 @@ sub check_path_authorized {
 plog('FAIL', "can't find home for $ENV{SUDO_USER}");
 return;
 }
- if ($path !~ /^\Q$authorized\E/) {
+ #- check authorization for canonicalized path (with .. and symlinks resolved)
+ my $realpath = realpath($path);
+ if ($realpath !~ /^\Q$authorized\E/) {
 plog('FAIL', "$path forbidden");
 return;
 } |
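Review bot: The new test `$realpath !~ /^\Q$authorized\E/` in check_path_authorized is still a bare string-prefix match, so a canonical path in a sibling directory whose name merely begins with the authorized directory's name is accepted. Assuming `$authorized` carries no trailing slash, anchor it on a path boundary and make the failure case explicit: `if (!defined $realpath || $realpath !~ m{^\Q$authorized\E(?:/|\z)}) {`. The `defined` guard matters because `realpath` can return undef when the path cannot be resolved, and today that case is rejected only as a side effect of an uninitialized-value comparison. The rest of the function and its callers are outside the hunk; if they go on to operate on `$path` rather than the checked `$realpath`, a symlink changed after the check would still be followed, so using the canonical path from here on would be safer. Whether `$authorized` is itself canonicalized is not visible, and if it can contain a symlink, legitimate paths would now be rejected.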