f2d3be2a87
Only follow directory symlinks owned by target directory owner or root. This prevents privilege escalation from user-writable directories via directory symlinks to privileged directories on package upgrade, while still allowing admin to arrange disk usage with symlinks. The rationale is that if you can create symlinks owned by user X you *are* user X (or root), and if you also own directory Y you can do whatever with it already, including change permissions. So when you create a symlink to that directory, the link ownership acts as a simple stamp of authority that you indeed want rpm to treat this symlink as it were the directory that you own. Such a permission can only be given by you or root, which is just the way we want it. Plus it's almost ridiculously simple as far as rules go, compared to trying to calculate something from the source vs destination directory permissions etc. In the normal case, the user arranging diskspace with symlinks is indeed root so nothing changes, the only real change here is to links created by non-privileged users which should be few and far between in practise. Unfortunately our test-suite runs as a regular user via fakechroot and thus the testcase for this fails under the new rules. Adjust the testcase to get the ownership straight and add a second case for the illegal behavior, basically the same as the old one but with different expectations. |
||
|---|---|---|
| .tx | ||
| build | ||
| ci | ||
| db3 | ||
| doc | ||
| fileattrs | ||
| lib | ||
| luaext | ||
| misc | ||
| plugins | ||
| po | ||
| python | ||
| rpmio | ||
| scripts | ||
| sign | ||
| tests | ||
| tools | ||
| .gitignore | ||
| .mailmap | ||
| CHANGES | ||
| COPYING | ||
| CREDITS | ||
| INSTALL | ||
| Makefile.am | ||
| Makefile.maint | ||
| README | ||
| autogen.sh | ||
| cliutils.c | ||
| cliutils.h | ||
| configure.ac | ||
| debug.h | ||
| installplatform | ||
| macros.debug | ||
| macros.in | ||
| mkinstalldirs | ||
| platform.in | ||
| preinstall.am | ||
| rpm.am | ||
| rpm.pc.in | ||
| rpm2archive.c | ||
| rpm2cpio.c | ||
| rpmbuild.c | ||
| rpmdb.c | ||
| rpmkeys.c | ||
| rpmpopt.in | ||
| rpmqv.c | ||
| rpmrc.in | ||
| rpmsign.c | ||
| rpmspec.c | ||
| system.h | ||
README
This is RPM, the RPM Package Manager.
The latest releases are always available at:
http://rpm.org/releases/
Additional RPM documentation (papers, slides, HOWTOs) can also be
found at the same site: http://rpm.org.
http://rpm.org/community all rpm releated mailing lists.
RPM was originally written by:
Erik Troan <ewt@redhat.com>
Marc Ewing <marc@redhat.com>
See the CREDITS file for a list of folks who have helped us out
tremendously. RPM is Copyright (c) 1998 by Red Hat Software, Inc.,
and may be distributed under the terms of the GPL and LGPL (see the
file COPYING for details).