From patchwork Tue Apr 14 10:44:32 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: lauri X-Patchwork-Id: 6214921 Return-Path: X-Original-To: patchwork-linux-btrfs@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id BE6A1BF4A6 for ; Tue, 14 Apr 2015 10:45:57 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id DE9A120212 for ; Tue, 14 Apr 2015 10:45:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 03E75201CD for ; Tue, 14 Apr 2015 10:45:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755259AbbDNKpu (ORCPT ); Tue, 14 Apr 2015 06:45:50 -0400 Received: from mail-la0-f51.google.com ([209.85.215.51]:33445 "EHLO mail-la0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754473AbbDNKo7 (ORCPT ); Tue, 14 Apr 2015 06:44:59 -0400 Received: by layy10 with SMTP id y10so4506588lay.0 for ; Tue, 14 Apr 2015 03:44:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:mime-version:content-type :content-transfer-encoding; bh=EzEMZnCortCqMSIm4xHFMDGM7B9RR63qJ1u93cr1iHg=; b=rMSFKT68EGFgZm53PQBUo3bZ6S4dP+3a2wGWtLAhcNiafMGRwrCsFRit3fCHhNNLbn G1pyc1gBimDGXpIuMF9niHuUprQHyjyT58WljAYI8Wp0PhIldGLMXcJ1z2k/tcGeQgQW H3qjUVWa0r0CwftkBIno3sjv0J7Np8TLDj29q18WUGWw0L8DIQMbCs+Fc0TZEtfxzrKZ q14ogbZb8yB2GWzwiQSbNvw9J9PU/wYDEx38febuuXhEG0w6ev3AspYH05ZnvswxxXx5 fKgIIqXRcqw0dwHeXrp1sUZSDkQhlJIh8NfyWH2Phu7y7MAArex26GNZ2MRQwNmI6Qsp SaCg== X-Received: by 10.152.36.2 with SMTP id m2mr17323114laj.72.1429008298515; Tue, 14 Apr 2015 03:44:58 -0700 (PDT) Received: from lauri-c720p.koodur.com (40.13.168.213.sta.estpak.ee. [213.168.13.40]) by mx.google.com with ESMTPSA id s8sm143408las.29.2015.04.14.03.44.57 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 14 Apr 2015 03:44:57 -0700 (PDT) From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= To: linux-btrfs@vger.kernel.org Cc: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Subject: [PATCH] btrfs-progs: enforce chroot for btrfs receive Date: Tue, 14 Apr 2015 13:44:32 +0300 Message-Id: <217a387d55b5828a82fadad98dd88a959e7a13ed.1429008167.git.lauri.vosandi@gmail.com> X-Mailer: git-send-email 1.9.1 MIME-Version: 1.0 Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This patch forces btrfs receive to issue chroot before parsing the btrfs stream to confine the process and minimize damage that could be done via malicious btrfs stream. Signed-off-by: Lauri Võsandi --- cmds-receive.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/cmds-receive.c b/cmds-receive.c index 44ef27e..8be92ea 100644 --- a/cmds-receive.c +++ b/cmds-receive.c @@ -867,15 +867,17 @@ static int do_receive(struct btrfs_receive *r, const char *tomnt, int r_fd, goto out; } - /* - * find_mount_root returns a root_path that is a subpath of - * dest_dir_full_path. Now get the other part of root_path, - * which is the destination dir relative to root_path. - */ - r->dest_dir_path = dest_dir_full_path + strlen(r->root_path); - while (r->dest_dir_path[0] == '/') - r->dest_dir_path++; + if (chroot(dest_dir_full_path)) { + ret = -errno; + fprintf(stderr, + "ERROR: failed to chroot to %s, %s\n", + dest_dir_full_path, + strerror(-ret)); + goto out; + } + r->root_path = r->dest_dir_path = strdup("/"); + ret = subvol_uuid_search_init(r->mnt_fd, &r->sus); if (ret < 0) goto out;