[Buildd-tools-devel] Bug#476332: Bug#476332: schroot: Fails mysteriously when /etc/schroot/schroot.conf is a symlink
Roger Leigh
rleigh at whinlatter.ukfsn.org
Wed Apr 16 22:06:38 UTC 2008
On Tue, Apr 15, 2008 at 06:41:31PM -0400, Timothy G Abbott wrote:
> Package: schroot
> Version: 1.1.6-1
> Severity: normal
>
> When I try to use schroot on a system where /etc/schroot/schroot.conf is a
> symbolic link to another file (I've triple-checked that it's a regular
> file and not another symlink), I get the following strange error:
>
> $ schroot -pc athena
> E: /etc/schroot/schroot.conf: Failed to open file: Too many levels of symbolic links
>
> There's only one symbolic link involved, and the normal limit for
> recursive symbolic links on linux is much higher than that.
The standard errors (from the source code) are:
FILE_NOTREG, "File is not a regular file"
FILE_OPEN, "Failed to open file"
FILE_OWNER, "File is not owned by user root"
FILE_PERMS, "File has write permissions for others"))
Due to running setuid-root, I do some extra checks to ensure that the
system can't be compromised if the permissions are wrong. One
additional step we take is here:
// stat filename (in case it's a pipe and open(2) blocks)
stat file_status1(file);
if (file_status1.uid() != 0)
throw error(file, FILE_OWNER);
if (file_status1.check_mode(stat::PERM_OTHER_WRITE))
throw error(file, FILE_PERMS);
if (!file_status1.is_regular())
throw error(file, FILE_NOTREG);
/* Use a UNIX fd, for security (no races) */
int fd = open(file.c_str(), O_RDONLY|O_NOFOLLOW);
if (fd < 0)
throw error(file, FILE_OPEN, strerror(errno));
Your errror is from the last line. We deliberately instructed open(2)
to not follow symbolic links with the O_NOFOLLOW, which is why you get
the rather cryptic error about "too many levels of symbolic links"--
one level or greater is too much in this case.
I chose to do this for security reasons, but this could be changed by
removing the O_NOFOLLOW. I would, however, need to be convinced that
this was no less secure than with the O_NOFOLLOW before changing this
--I don't want to unintentionally introduce a security exploit, so I
chose the convervative option originally.
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
More information about the Buildd-tools-devel
mailing list