1/*- 2 * Copyright (c) 2003-2007,2016 Tim Kientzle 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25#include "test.h" 26 27#define UMASK 022 28 29/* 30 * Github Issue #745 describes a bug in the sandboxing code that 31 * allows one to use a symlink to edit the permissions on a file or 32 * directory outside of the sandbox. 33 */ 34 35DEFINE_TEST(test_write_disk_secure745) 36{ 37#if defined(_WIN32) && !defined(__CYGWIN__) 38 skipping("archive_write_disk security checks not supported on Windows"); 39#else 40 struct archive *a; 41 struct archive_entry *ae; 42 43 /* Start with a known umask. */ 44 assertUmask(UMASK); 45 46 /* Create an archive_write_disk object. */ 47 assert((a = archive_write_disk_new()) != NULL); 48 archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS); 49 50 /* The target dir: The one we're going to try to change permission on */ 51 assertMakeDir("target", 0700); 52 53 /* The sandbox dir we're going to run inside of. */ 54 assertMakeDir("sandbox", 0700); 55 assertChdir("sandbox"); 56 57 /* Create a symlink pointing to the target directory */ 58 assert((ae = archive_entry_new()) != NULL); 59 archive_entry_copy_pathname(ae, "sym"); 60 archive_entry_set_mode(ae, AE_IFLNK | 0777); 61 archive_entry_copy_symlink(ae, "../target"); 62 assert(0 == archive_write_header(a, ae)); 63 archive_entry_free(ae); 64 65 /* Try to alter the target dir through the symlink; this should fail. */ 66 assert((ae = archive_entry_new()) != NULL); 67 archive_entry_copy_pathname(ae, "sym"); 68 archive_entry_set_mode(ae, S_IFDIR | 0777); 69 assert(0 == archive_write_header(a, ae)); 70 archive_entry_free(ae); 71 72 /* Permission of target dir should not have changed. */ 73 assertFileMode("../target", 0700); 74 75 assert(0 == archive_write_close(a)); 76 archive_write_free(a); 77#endif 78} 79