diff options
| author | Lennart Poettering <lennart@poettering.net> | 2024-11-01 10:03:26 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2024-11-01 10:05:53 +0100 |
| commit | 4c9c8b8d09eff18df71ba4aa910df4201f9890a0 (patch) | |
| tree | a933595636eabb051fa8f3a0835befd058e0a29e /src/coredump | |
| parent | coredump: rework protocol between coredump pattern handler and processing ser... (diff) | |
| download | systemd-4c9c8b8d09eff18df71ba4aa910df4201f9890a0.tar.xz systemd-4c9c8b8d09eff18df71ba4aa910df4201f9890a0.zip | |
coredump: lock down EnterNamespace= mount even more
Let's disable symlink following if we attach a container's mount tree to
our own mount namespace. We afte rall mount the tree to a different
location in the mount tree than where it was inside the container, hence
symlinks (if they exist) will all point to the wrong places (even if
relative, some might point to other places). And since symlink attacks
are a thing, and we let libdw operate on the tree, let's lock this down
as much as we can and simply disable symlink traversal entirely.
Diffstat (limited to 'src/coredump')
| -rw-r--r-- | src/coredump/coredump.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c index c3e97325e0..7782839c2d 100644 --- a/src/coredump/coredump.c +++ b/src/coredump/coredump.c @@ -824,7 +824,7 @@ static int attach_mount_tree(int mount_tree_fd) { r = mount_setattr(mount_tree_fd, "", AT_EMPTY_PATH, &(struct mount_attr) { - .attr_set = MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC, + .attr_set = MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOSYMFOLLOW, .propagation = MS_SLAVE, }, sizeof(struct mount_attr)); if (r < 0) |