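/*-
 * Copyright (c) 2003-2007,2016 Tim Kientzle
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#include "test.h"
__FBSDID("$FreeBSD: stable/11/contrib/libarchive/libarchive/test/test_write_disk_secure745.c 306321 2016-09-25 22:02:27Z mm $");

/* Umask asserted at the start of the test so resulting modes are predictable. */
#define UMASK 022

/*
 * Github Issue #745 describes a bug in the sandboxing code that
 * allows one to use a symlink to edit the permissions on a file or
 * directory outside of the sandbox.
 */

/*
 * Regression test for the issue above.
 *
 * Layout built by the test (relative to the test's working directory):
 *   target/        mode 0700, lives outside the sandbox
 *   sandbox/       mode 0700, the test chdir()s into it
 *   sandbox/sym    symlink entry pointing at "../target"
 *
 * With ARCHIVE_EXTRACT_SECURE_SYMLINKS set, a second entry named "sym"
 * that asks for a directory with mode 0777 is written, and the test
 * then checks that "../target" still has mode 0700.
 *
 * The whole body is skipped on native Windows (not Cygwin).
 */
DEFINE_TEST(test_write_disk_secure745)
{
#if defined(_WIN32) && !defined(__CYGWIN__)
	skipping("archive_write_disk security checks not supported on Windows");
#else
	struct archive *a;
	struct archive_entry *ae;

	/* Start with a known umask. */
	assertUmask(UMASK);

	/*
	 * Create an archive_write_disk object.  The option call is asserted
	 * as well: the rest of the test only means something if the
	 * symlink checks were actually switched on.
	 */
	assert((a = archive_write_disk_new()) != NULL);
	assert(0 == archive_write_disk_set_options(a,
	    ARCHIVE_EXTRACT_SECURE_SYMLINKS));

	/* The target dir: The one we're going to try to change permission on */
	assertMakeDir("target", 0700);

	/* The sandbox dir we're going to run inside of. */
	assertMakeDir("sandbox", 0700);
	assertChdir("sandbox");

	/* Create a symlink pointing to the target directory */
	assert((ae = archive_entry_new()) != NULL);
	archive_entry_copy_pathname(ae, "sym");
	archive_entry_set_mode(ae, AE_IFLNK | 0777);
	archive_entry_copy_symlink(ae, "../target");
	assert(0 == archive_write_header(a, ae));
	archive_entry_free(ae);

	/*
	 * Try to alter the target dir through the symlink.  The header
	 * write itself is asserted to return 0; what must fail is the
	 * permission change reaching "../target".  The requested 0777
	 * differs from the 0700 the target was created with, so a mode
	 * change that followed the link would show up in the check below.
	 */
	assert((ae = archive_entry_new()) != NULL);
	archive_entry_copy_pathname(ae, "sym");
	archive_entry_set_mode(ae, S_IFDIR | 0777);
	assert(0 == archive_write_header(a, ae));
	archive_entry_free(ae);

	/* Permission of target dir should not have changed. */
	assertFileMode("../target", 0700);

	/*
	 * NOTE(review): the mode check above runs before
	 * archive_write_close().  If the writer defers any permission
	 * updates until close, they are not covered by that check;
	 * consider repeating assertFileMode() after the close -- confirm
	 * against the write_disk implementation.
	 */
	assert(0 == archive_write_close(a));
	archive_write_free(a);
#endif
}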