[PATCH] bb_make_directory(): simplify and robustify
Rasmus Villemoes
rasmus.villemoes at prevas.dk
Wed Mar 11 12:22:02 UTC 2020
For something like 'mkdir -m 0700 foo', if the caller happens to have
a permissive umask (say allowing group write via 0007 or 0002), the
created directory will temporarily have more permissions than
requested. That's a mild security issue.
This reworks bb_make_directory() to always create both intermediate
and the final component with 0 permissions, then chmods to the final
value.
Aside from the robustification, this also simplifies the code
somewhat (net -31LOC), since we get rid of the complicated "what umask
do we have now and be sure to set it back" - we only need to query the
current umask in case mode==-1, and can set it back immediately. Then
mode contains the mode of the final component, and intermediate
components should then be chmod'ed to pmode=mode|0300.
x86_64 defconfig:
function old new delta
bb_make_directory 452 396 -56
Signed-off-by: Rasmus Villemoes <rasmus.villemoes at prevas.dk>
---
Lightly tested and strace'd to see that it behaves as expected.
libbb/make_directory.c | 83 +++++++++++++-----------------------------
1 file changed, 26 insertions(+), 57 deletions(-)
diff --git a/libbb/make_directory.c b/libbb/make_directory.c
index 9b03bb8d0..9d95c2383 100644
--- a/libbb/make_directory.c
+++ b/libbb/make_directory.c
@@ -26,9 +26,8 @@
int FAST_FUNC bb_make_directory(char *path, long mode, int flags)
{
- mode_t cur_mask;
- mode_t org_mask;
const char *fail_msg;
+ mode_t pmode;
char *s;
char c;
struct stat st;
@@ -48,7 +47,13 @@ int FAST_FUNC bb_make_directory(char *path, long mode, int flags)
// return 0; /* ".." */
}
- org_mask = cur_mask = (mode_t)-1L;
+ if (mode == -1) {
+ mode_t org_mask = umask(0);
+ mode = 0777 & ~org_mask;
+ umask(org_mask);
+ }
+ pmode = mode | 0300;
+
s = path;
while (1) {
c = '\0';
@@ -68,32 +73,8 @@ int FAST_FUNC bb_make_directory(char *path, long mode, int flags)
}
}
- if (c != '\0') {
- /* Intermediate dirs: must have wx for user */
- if (cur_mask == (mode_t)-1L) { /* wasn't done yet? */
- mode_t new_mask;
- org_mask = umask(0);
- cur_mask = 0;
- /* Clear u=wx in umask - this ensures
- * they won't be cleared on mkdir */
- new_mask = (org_mask & ~(mode_t)0300);
- //bb_error_msg("org_mask:%o cur_mask:%o", org_mask, new_mask);
- if (new_mask != cur_mask) {
- cur_mask = new_mask;
- umask(new_mask);
- }
- }
- } else {
- /* Last component: uses original umask */
- //bb_error_msg("1 org_mask:%o", org_mask);
- if (org_mask != cur_mask) {
- cur_mask = org_mask;
- umask(org_mask);
- }
- }
-
//bb_error_msg("mkdir '%s'", path);
- if (mkdir(path, 0777) < 0) {
+ if (mkdir(path, 0000) < 0) {
/* If we failed for any other reason than the directory
* already exists, output a diagnostic and return -1 */
if ((errno != EEXIST && errno != EISDIR)
@@ -103,36 +84,31 @@ int FAST_FUNC bb_make_directory(char *path, long mode, int flags)
fail_msg = "create";
break;
}
- /* Since the directory exists, don't attempt to change
- * permissions if it was the full target. Note that
- * this is not an error condition. */
- if (!c) {
- goto ret0;
- }
+ /* Since the directory exists, don't attempt
+ * to change permissions. Note that this is
+ * not an error condition. */
} else {
if (flags & FILEUTILS_VERBOSE) {
printf("created directory: '%s'\n", path);
}
- }
-
- if (!c) {
- /* Done. If necessary, update perms on the newly
- * created directory. Failure to update here _is_
- * an error. */
- if (mode != -1) {
- //bb_error_msg("chmod 0%03lo mkdir '%s'", mode, path);
- if (chmod(path, mode) < 0) {
- fail_msg = "set permissions of";
- if (flags & FILEUTILS_IGNORE_CHMOD_ERR) {
- flags = 0;
- goto print_err;
- }
- break;
+ if (chmod(path, c ? pmode : mode) < 0) {
+ fail_msg = "set permissions of";
+ if (flags & FILEUTILS_IGNORE_CHMOD_ERR) {
+ flags = 0;
+ goto print_err;
}
+ break;
}
- goto ret0;
}
+ /* If this was the final component, we are done.
+ * Otherwise, continue with the next component, which
+ * may then fail to be created if the current one
+ * already existed but does not have sufficient
+ * permissions. */
+ if (!c)
+ return 0;
+
/* Remove any inserted nul from the path (recursive mode) */
*s = c;
} /* while (1) */
@@ -140,12 +116,5 @@ int FAST_FUNC bb_make_directory(char *path, long mode, int flags)
flags = -1;
print_err:
bb_perror_msg("can't %s directory '%s'", fail_msg, path);
- goto ret;
- ret0:
- flags = 0;
- ret:
- //bb_error_msg("2 org_mask:%o", org_mask);
- if (org_mask != cur_mask)
- umask(org_mask);
return flags;
}
--
2.23.0
More information about the busybox
mailing list