From: Matthias Gerstner Date: Wed, 27 Dec 2023 13:01:59 +0000 (+0100) Subject: pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations X-Git-Tag: accepted/tizen/base/20240530.091900^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F14%2F311114%2F1;p=platform%2Fupstream%2Fpam.git pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations (backporting, CVE-2024-22356) Without O_DIRECTORY the path crawling logic is subject to e.g. FIFOs being placed in user controlled directories, causing the PAM module to block indefinitely during `openat()`. Pass O_DIRECTORY to cause the `openat()` to fail if the path does not refer to a directory. With this the check whether the final path element is a directory becomes unnecessary, drop it. Original: upstream, https://github.com/linux-pam/linux-pam/commit/031bb5a Change-Id: I099e6d7fa62446160babf79d41fb19bfbfe5b186 Signed-off-by: Youngjae Cho (cherry picked from commit cb1ff0632d1d392606509c46d8fd25271a715825) --- diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index a40f05e..ed9b5fd 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -1012,7 +1012,7 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, int dfd = AT_FDCWD; int dfd_next; int save_errno; - int flags = O_RDONLY; + int flags = O_RDONLY | O_DIRECTORY; int rv = -1; struct stat st; @@ -1066,22 +1066,6 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, rv = openat(dfd, dir, flags); } - if (rv != -1) { - if (fstat(rv, &st) != 0) { - save_errno = errno; - close(rv); - rv = -1; - errno = save_errno; - goto error; - } - if (!S_ISDIR(st.st_mode)) { - close(rv); - errno = ENOTDIR; - rv = -1; - goto error; - } - } - if (flags & O_NOFOLLOW) { /* we are inside user-owned dir - protect */ if (protect_mount(rv, p, idata) == -1) {