- /* From linux-4.1.32-cher1/fs/open.c: */
- #include "internal.h"
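/*
 * Allowlist of pathnames a sandboxed task may open regardless of the
 * "bare name in the working directory" rule enforced by
 * cher_patch_is_secure_path().
 *
 * Entries ending in '/' are directory prefixes: every pathname below them
 * is admitted.  Entries without a trailing '/' name a single file and are
 * matched exactly, so "/dev/null" does not also admit e.g. "/dev/nullb0".
 * The table is NULL-terminated and is only ever read.
 */
static const char * const secure_paths[] =
{
	/* system and local libraries, headers and helper binaries */
	"/lib/", "/lib32/", "/lib64/",
	"/usr/lib/", "/usr/lib32/", "/usr/lib64/",
	"/usr/include/", "/usr/libexec/",
	"/usr/local/lib/", "/usr/local/lib32/", "/usr/local/lib64/",
	"/usr/local/include/", "/usr/local/libexec/",
	/* executables */
	"/bin/", "/usr/bin/", "/usr/local/bin/",
	/* architecture-independent data */
	"/usr/share/", "/usr/local/share/",
	/* the only device nodes a sandboxed task may open (exact match) */
	"/dev/urandom", "/dev/zero", "/dev/null",
	/* the sandbox tree itself; cher_check_user_path() strips this prefix */
	"/SANDBOX/",
	NULL
};

/*
 * cher_patch_is_secure_path - decide whether a sandboxed task may open @path
 * @path: NUL-terminated kernel copy of the pathname (not a __user pointer)
 *
 * Returns 0 (allowed) when @path either
 *   - lies below one of the secure_paths directory prefixes, or is exactly
 *     one of the secure_paths file entries, or
 *   - is a bare relative name: any number of leading "./" components
 *     followed by a single component containing no further '/', i.e. a
 *     file directly in the current working directory ("" and "." pass too).
 * Returns -1 (denied) for everything else and for any pathname that
 * contains "..".
 *
 * This is a purely textual check on the string the caller hands in.  It
 * does not resolve symlinks, so a symlink in the working directory or under
 * an allowlisted prefix can still point outside the permitted set; a caller
 * that needs that guarantee has to check the resolved path.
 *
 * NOTE(review): "/SANDBOX/" is a directory prefix above, so "/SANDBOX/a/b"
 * is admitted even though the relative "a/b" that cher_check_user_path()
 * turns it into would be rejected by the rule at the bottom of this
 * function.  Confirm that subdirectory access via the /SANDBOX/ prefix is
 * intended.
 */
int cher_patch_is_secure_path(const char *path)
{
	const char *s;
	int i;

	/*
	 * Reject ".." anywhere in the string before looking at prefixes.
	 * Deliberately coarse (it also rejects names such as "a..b") so
	 * that no parent-directory traversal can ride on an allowlisted
	 * prefix below.
	 */
	if (strstr(path, ".."))
		return -1;

	for (i = 0; secure_paths[i]; ++i) {
		size_t len = strlen(secure_paths[i]);

		if (len && secure_paths[i][len - 1] == '/') {
			/* directory entry: anything below it is allowed */
			if (!strncmp(path, secure_paths[i], len))
				return 0;
		} else if (!strcmp(path, secure_paths[i])) {
			/*
			 * file entry: exact match only, otherwise the plain
			 * prefix test would admit any node whose name merely
			 * extends an allowlisted one.
			 */
			return 0;
		}
	}

	/*
	 * Not allowlisted.  The only remaining permitted form is a bare
	 * name in the working directory: skip leading "./" components, then
	 * require that no further '/' occurs.  Anything absolute lands here
	 * with s[0] == '/' and is rejected immediately.
	 */
	s = path;
	while (s[0] == '.' && s[1] == '/')
		s += 2;
	for (; *s && *s != '/'; s++)
		;
	if (*s == '/')
		return -1;
	return 0;
}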
/*
 * cher_check_user_path - validate a user-supplied pathname for a sandboxed open
 * @dfd:    directory fd the pathname is relative to; only AT_FDCWD is accepted
 * @p_path: in/out pointer to the __user pathname pointer
 *
 * Copies the pathname in with getname(), runs cher_patch_is_secure_path()
 * on the copy and releases the copy again.  On success, if the pathname
 * starts with "/SANDBOX/", *p_path is advanced past that prefix so the
 * caller opens the remainder relative to the working directory.
 *
 * Returns 0 when the pathname is permitted, -EPERM when @dfd is not
 * AT_FDCWD or the check fails, and -EINVAL when getname() fails (the
 * getname() error itself, e.g. -EFAULT, is not propagated).
 *
 * NOTE(review): the check runs on a kernel copy that is freed before
 * return, while the caller is presumably left to fetch *p_path from user
 * memory again.  Another thread can rewrite that buffer in between, so the
 * path that is eventually opened is not necessarily the one validated
 * here; handing the validated struct filename to the caller would close
 * that window.  Confirm how the caller consumes *p_path.
 */
int cher_check_user_path(int dfd, const char __user **p_path)
{
	struct filename *name;
	int ret = 0;

	/* only cwd-relative lookups are permitted inside the sandbox */
	if (dfd != AT_FDCWD)
		return -EPERM;

	name = getname(*p_path);
	if (IS_ERR(name))
		return -EINVAL;

	if (cher_patch_is_secure_path(name->name) < 0)
		ret = -EPERM;
	else if (!strncmp(name->name, "/SANDBOX/", 9))
		*p_path += 9;	/* strlen("/SANDBOX/") */

	putname(name);
	return ret;
}