[elbe-devel] [PATCH 1/1] Fix Filesystem mkdir method

Bastian Germann bage at linutronix.de
Wed Jul 24 09:32:39 CEST 2019 

> From: Olivier Dion <dion at linutronix.de>
> 
> If one of the component of the path is a symlink, the 'os.makedirs'
> call fails.  Also, it leaks informations from the host to the target.
> 
> Using 'self.realpath' before calling 'os.makedirs' will ensure that:
> 
>   - Path has no symbolic link in its part
>   - Path does not leak to another filesystem
> 
> This can easily be tested by using the 'armel-rescue-busybox-cpio'
> example and adding the 'libjson-c3' package to the list of packages in
> the target section.  Here's the expected traceback:
> ----------------------------------------------------------------------
> Build failed
> Traceback (most recent call last):
>   File "/var/cache/elbe/devel/elbepack/asyncworker.py", line 158, in execute
>     skip_pbuild=self.skip_pbuilder)
>   File "/var/cache/elbe/devel/elbepack/elbeproject.py", line 546, in build
>     self.log, self.get_rpcaptcache())
>   File "/var/cache/elbe/devel/elbepack/efilesystem.py", line 79, in extract_target
>     copy_filelist(src, file_list, dst)
>   File "/var/cache/elbe/devel/elbepack/efilesystem.py", line 32, in copy_filelist
>     dst.mkdir(f)
>   File "/var/cache/elbe/devel/elbepack/filesystem.py", line 89, in mkdir
>     os.makedirs(self.fname(path))
>   File "/usr/lib/python2.7/os.py", line 157, in makedirs
>     mkdir(name, mode)
> OSError: [Errno 2] No such file or directory: '/var/cache/elbe/e80a928e-443b-4801-b105-ddd29c48a1f3/target/lib/arm-linux-gnueabihf'
> 
> Exception:
> [Errno 2] No such file or directory: '/var/cache/elbe/e80a928e-443b-4801-b105-ddd29c48a1f3/target/lib/arm-linux-gnueabihf'
> ----------------------------------------------------------------------
> 
> Signed-off-by: Olivier Dion <dion at linutronix.de>

Reviewed-by: Bastian Germann <bage at linutronix.de>

> ---
>  elbepack/filesystem.py | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/elbepack/filesystem.py b/elbepack/filesystem.py
> index e3076250..d7ed4b21 100644
> --- a/elbepack/filesystem.py
> +++ b/elbepack/filesystem.py
> @@ -86,7 +86,7 @@ class Filesystem(object):
>          return os.path.lexists(self.fname(path))
>  
>      def mkdir(self, path):
> -        os.makedirs(self.fname(path))
> +        os.makedirs(self.realpath(path))
>  
>      def readlink(self, path):
>          return os.readlink(self.fname(path))
>

More information about the elbe-devel mailing list