From f9482ff799e8b11c6b05ba6bca24558cd4f7fad2 Mon Sep 17 00:00:00 2001
From: Pascal Terjan
Date: Fri, 1 Feb 2013 15:52:48 +0000
Subject: Fix some of the vulnerabilities in iurt_root_command
---
 iurt_root_command | 19 +++++--------------
 1 file changed, 5 insertions(+), 14 deletions(-)
(limited to 'iurt_root_command')
diff --git a/iurt_root_command b/iurt_root_command
index 7abd842..3104062 100755
--- a/iurt_root_command
+++ b/iurt_root_command
@@ -243,7 +243,6 @@ sub rm {
 my ($_run, $opt, @files) = @_; my $ok = 1; my $done;
- my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)";
 foreach my $f (@files) { if (-d $f) {
@@ -251,7 +250,7 @@ sub rm {
 plog('WARN', "can't remove directories without the -r option"); $ok = 0; } else {
- if ($f =~ m,$unauthorized,) {
+ if (!check_path_authorized($f)) {
 plog('FAIL', "removal of $f forbidden"); $ok = 0; } else {
@@ -261,7 +260,7 @@ sub rm {
 } } } } else {
- if ($f =~ m,/$unauthorized,) {
+ if (!check_path_authorized($f)) {
 plog("removal of $f forbidden"); $ok = 0; } else {
@@ -271,7 +270,7 @@ sub rm {
 if ($f =~ /[*?]/) { foreach my $file (glob $f) {
- if ($f =~ m,$unauthorized,) {
+ if (!check_path_authorized($f)) {
 plog('FAIL', "removal of $f forbidden"); $ok = 0; } else {
@@ -297,11 +296,7 @@ sub cp {
 my $ok = 1; my $done; my $dest = pop @files;
- my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)";
- if ($dest =~ /$unauthorized/ || $dest eq '/') {
- plog('FAIL', "copying to $dest forbidden");
- return;
- }
+ check_path_authorized($dest) or return;
 foreach my $f (@files) { if (-d $f) { if (!$opt->{recursive}) {
@@ -340,11 +335,7 @@ sub cp {
 sub ln { my ($_run, $_opt, $file1, $file2) = @_;
- my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)";
- if ($file2 =~ /$unauthorized/ || $file2 eq '/') {
- plog('FAIL', "linking to $file2 forbidden");
- return;
- }
+ check_path_authorized($file1) && check_path_authorized($file2) or return;
 link $file1, $file2; }
-- cgit v1.2.1
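Review bot: The new guard `if (!check_path_authorized($f)) {` in the recursive branch of `rm` still judges the path string exactly as the caller supplied it, and the helper's body is not part of this diff, so whether it canonicalises the path before matching cannot be confirmed from here. If it matches the raw string the way the removed `$unauthorized` regex did, a relative path, a `..` component or a symlink would make the checked name differ from the location actually touched. I would state the contract in a comment above the call, e.g. `# check_path_authorized() must resolve $f (Cwd::realpath) before matching`, and confirm the helper does so; the same applies to the calls added in the later rm, cp and ln hunks. The enclosing `rm` sub starts and ends outside this hunk.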
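Review bot: The refusal logged right after the new check in the non-directory branch is `plog("removal of $f forbidden");`, with no level argument, while the neighbouring branches call `plog('FAIL', ...)`. Assuming `plog` takes the level as its first argument, as the other calls suggest, this denial is either logged at a default severity or has its message taken as the level, which makes refused removals harder to find in the logs. Suggest `plog('FAIL', "removal of $f forbidden");` so all three refusals are reported the same way. The enclosing `else` block continues outside the hunk.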
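Review bot: Inside `foreach my $file (glob $f)` the added check still tests `$f`, the unexpanded pattern, not `$file`, the path that is about to be removed, so every expansion inherits the verdict given to the pattern string. The check should be `if (!check_path_authorized($file)) {` and the message should name the real target as well: `plog('FAIL', "removal of $file forbidden");`. The loop body continues outside the hunk, so the removal call itself is not visible here and should be confirmed to use `$file`.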
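Review bot: `check_path_authorized($dest) or return;` drops the `plog('FAIL', "copying to $dest forbidden")` line the old code emitted, so unless the helper logs on its own (not visible in this diff) a refused copy now leaves no trace; the ln hunk has the same silent return. Keeping the audit line costs one statement: `check_path_authorized($dest) or do { plog('FAIL', "copying to $dest forbidden"); return };`. Only the destination is checked here; the entries of `@files` are read without a check, which may be intended but deserves a comment saying so. The rest of `cp` lies outside the hunk.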