Bug 1511099 - Make MAY_CREATE handling more consistent. r=jld
authorGian-Carlo Pascutto <gcp@mozilla.com>
Mon, 07 Jan 2019 15:21:32 +0000
changeset 509815 6a7b315a82b2ebc9402166d886fa8c93d805df10
parent 509814 d3b95f808e2878849127b8f4fc43527202eecf2a
child 509816 6b7071abf6eae6ec3c03f8f8bf5cc4f49cadfd5a
push id10547
push userffxbld-merge
push dateMon, 21 Jan 2019 13:03:58 +0000
reviewersjld
bugs1511099
milestone66.0a1
Bug 1511099 - Make MAY_CREATE handling more consistent. r=jld Differential Revision: https://phabricator.services.mozilla.com/D13523
security/sandbox/linux/broker/SandboxBroker.cpp
--- a/security/sandbox/linux/broker/SandboxBroker.cpp
+++ b/security/sandbox/linux/broker/SandboxBroker.cpp
@@ -378,17 +378,17 @@ static bool AllowOperation(int aReqFlags
   if (aReqFlags & R_OK) {
     needed |= SandboxBroker::MAY_READ;
   }
   if (aReqFlags & W_OK) {
     needed |= SandboxBroker::MAY_WRITE;
   }
   // We don't really allow executing anything,
   // so in true unix tradition we hijack this
-  // for directories.
+  // for directory access (creation).
   if (aReqFlags & X_OK) {
     needed |= SandboxBroker::MAY_CREATE;
   }
   return (aPerms & needed) == needed;
 }
 
 static bool AllowAccess(int aReqFlags, int aPerms) {
   if (aReqFlags & ~(R_OK | W_OK | X_OK | F_OK)) {
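Review bot: The reworded comment on the X_OK branch still only says "directory access (creation)", but with this commit the same MAY_CREATE bit is also what gates link, symlink, rename and unlink in ThreadMain, so the comment under-describes what X_OK now means to callers of AllowOperation. A wording that covers all the uses would be `// for modifying directory entries (create, link, rename, unlink).` Since this comment is the only place the X_OK-to-MAY_CREATE convention is explained, keeping it in sync with the call sites matters for anyone writing policy rules. AllowOperation begins before this hunk and AllowAccess continues past its end.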
@@ -852,29 +852,29 @@ void SandboxBroker::ThreadMain(void) {
             }
           } else {
             AuditDenial(req.mOp, req.mFlags, perms, pathBuf);
           }
           break;
 
         case SANDBOX_FILE_LINK:
         case SANDBOX_FILE_SYMLINK:
-          if (permissive || AllowOperation(W_OK, perms)) {
+          if (permissive || AllowOperation(W_OK | X_OK, perms)) {
             if (DoLink(pathBuf, pathBuf2, req.mOp) == 0) {
               resp.mError = 0;
             } else {
               resp.mError = -errno;
             }
           } else {
             AuditDenial(req.mOp, req.mFlags, perms, pathBuf);
           }
           break;
 
         case SANDBOX_FILE_RENAME:
-          if (permissive || AllowOperation(W_OK, perms)) {
+          if (permissive || AllowOperation(W_OK | X_OK, perms)) {
             if (rename(pathBuf, pathBuf2) == 0) {
               resp.mError = 0;
             } else {
               resp.mError = -errno;
             }
           } else {
             AuditDenial(req.mOp, req.mFlags, perms, pathBuf);
           }
@@ -895,17 +895,17 @@ void SandboxBroker::ThreadMain(void) {
               resp.mError = -EEXIST;
             } else {
               AuditDenial(req.mOp, req.mFlags, perms, pathBuf);
             }
           }
           break;
 
         case SANDBOX_FILE_UNLINK:
-          if (permissive || AllowOperation(W_OK, perms)) {
+          if (permissive || AllowOperation(W_OK | X_OK, perms)) {
             if (unlink(pathBuf) == 0) {
               resp.mError = 0;
             } else {
               resp.mError = -errno;
             }
           } else {
             AuditDenial(req.mOp, req.mFlags, perms, pathBuf);
           }