mesos-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ji...@apache.org
Subject [1/3] mesos git commit: Overwriting Symbolic Links with Files in Copy Provisioner.
Date Tue, 18 Apr 2017 06:30:42 GMT
Repository: mesos
Updated Branches:
  refs/heads/1.2.x cb9474178 -> ccfb4cc81


Overwriting Symbolic Links with Files in Copy Provisioner.

When a layer overwrites a symbolic link with a regular file, the link
must be removed first, otherwise 'cp' would follow the link and
overwrite the target instead of the link itself.

Review: https://reviews.apache.org/r/58463/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/0c0b3cb1
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/0c0b3cb1
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/0c0b3cb1

Branch: refs/heads/1.2.x
Commit: 0c0b3cb1eb8c2e2d7b44eb64f41020eb5446d563
Parents: 994df2b
Author: Chun-Hung Hsiao <chhsiao@mesosphere.io>
Authored: Tue Apr 18 14:18:45 2017 +0800
Committer: Jie Yu <yujie.jay@gmail.com>
Committed: Tue Apr 18 14:28:04 2017 +0800

----------------------------------------------------------------------
 .../mesos/provisioner/backends/copy.cpp         | 28 +++++++++++++-------
 1 file changed, 19 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/0c0b3cb1/src/slave/containerizer/mesos/provisioner/backends/copy.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/provisioner/backends/copy.cpp b/src/slave/containerizer/mesos/provisioner/backends/copy.cpp
index a5cc38d..a54da48 100644
--- a/src/slave/containerizer/mesos/provisioner/backends/copy.cpp
+++ b/src/slave/containerizer/mesos/provisioner/backends/copy.cpp
@@ -188,15 +188,25 @@ Future<Nothing> CopyBackendProcess::_provision(
       }
     }
 
-    // Handle overwriting between directories and non-directories.
-    // Note: If a symbolic link is overwritten by a directory, the
-    // symbolic link must be removed before the directory is traversed
-    // so the following case won't cause a security issue:
-    //   ROOTFS: /bad@ -> /usr
-    //   LAYER:  /bad/bin/.wh.wh.opq
-    bool ftsIsDir = node->fts_info == FTS_D || node->fts_info == FTS_DC;
-    if (os::exists(rootfsPath) && os::stat::isdir(rootfsPath) != ftsIsDir) {
-      removePath = rootfsPath;
+    if (os::exists(rootfsPath)) {
+      bool ftsIsDir = node->fts_info == FTS_D || node->fts_info == FTS_DC;
+      if (os::stat::isdir(rootfsPath) != ftsIsDir) {
+        // Handle overwriting between a directory and a non-directory.
+        // Note: If a symlink is overwritten by a directory, the symlink
+        // must be removed before the directory is traversed so the
+        // following case won't cause a security issue:
+        //   ROOTFS: /bad@ -> /usr
+        //   LAYER:  /bad/bin/.wh.wh.opq
+        removePath = rootfsPath;
+      } else if (os::stat::islink(rootfsPath)) {
+        // Handle overwriting a symlink with a regular file.
+        // Note: The symlink must be removed, or 'cp' would follow the
+        // link and overwrite the target instead of the link itself,
+        // which would cause a security issue in the following case:
+        //   ROOTFS: /bad@ -> /usr/bin/python
+        //   LAYER:  /bad is a malicious executable
+        removePath = rootfsPath;
+      }
     }
 
     // The file/directory referred to by removePath may be empty or have


Mime
View raw message