diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2021-11-05 06:23:34 -0400 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2021-11-05 06:23:34 -0400 |
| commit | 382f70b8d93d012648edc7a42087a6d4d5a103eb (patch) | |
| tree | 90bfa31ce787e83fac74dbd6dd74c34fc7e54e9d | |
| parent | Revert "Force sandbox-internal functions to use 64bit file interface" (diff) | |
| download | sandbox-382f70b8d93d012648edc7a42087a6d4d5a103eb.tar.gz sandbox-382f70b8d93d012648edc7a42087a6d4d5a103eb.tar.bz2 sandbox-382f70b8d93d012648edc7a42087a6d4d5a103eb.zip | |
libsandbox/libsbutil: use faccessat for file-existence tests
This is faster than using stat since it doesn't have to gather all
the metadata, and should avoid LFS issues as a result.
Bug: https://bugs.gentoo.org/583282
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| -rw-r--r-- | libsandbox/pre_check_openat.c | 15 | ||||
| -rw-r--r-- | libsandbox/wrapper-funcs/fopen_pre_check.c | 3 | ||||
| -rw-r--r-- | libsbutil/src/file.c | 14 |
3 files changed, 5 insertions, 27 deletions
diff --git a/libsandbox/pre_check_openat.c b/libsandbox/pre_check_openat.c index 8cf8133..8fd3b23 100644 --- a/libsandbox/pre_check_openat.c +++ b/libsandbox/pre_check_openat.c @@ -12,24 +12,15 @@ bool sb_openat_pre_check(const char *func, const char *pathname, int dirfd, int flags) { - /* If we're not trying to create, fail normally if - * file does not stat - */ + /* If we're not trying to create, fail normally if file does not stat */ if (flags & O_CREAT) return true; save_errno(); - /* Check incoming args against common *at issues */ - char dirfd_path[SB_PATH_MAX]; - if (!sb_common_at_pre_check(func, &pathname, dirfd, dirfd_path, sizeof(dirfd_path))) - return false; - /* Doesn't exist -> skip permission checks */ - struct stat st; - if (((flags & O_NOFOLLOW) ? lstat(pathname, &st) : stat(pathname, &st)) == -1) { - sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", - func, pathname, strerror(errno)); + if (faccessat(dirfd, pathname, F_OK, (flags & O_NOFOLLOW) ? AT_SYMLINK_NOFOLLOW : 0) == -1) { + sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", func, pathname, strerror(errno)); return false; } diff --git a/libsandbox/wrapper-funcs/fopen_pre_check.c b/libsandbox/wrapper-funcs/fopen_pre_check.c index 765526e..95108e0 100644 --- a/libsandbox/wrapper-funcs/fopen_pre_check.c +++ b/libsandbox/wrapper-funcs/fopen_pre_check.c @@ -11,8 +11,7 @@ bool sb_fopen_pre_check(const char *func, const char *pathname, const char *mode save_errno(); /* If we're trying to read, fail normally if file does not stat */ - struct stat st; - if (-1 == stat(pathname, &st)) { + if (faccessat(AT_FDCWD, pathname, F_OK, 0) == -1) { sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", func, pathname, strerror(errno)); return false; diff --git a/libsbutil/src/file.c b/libsbutil/src/file.c index 4542ae5..a1a4a0e 100644 --- a/libsbutil/src/file.c +++ b/libsbutil/src/file.c @@ -15,19 +15,7 @@ bool rc_file_exists (const char *pathname) { - struct stat buf; - int retval; - - if (!check_str (pathname)) - return false; - - retval = lstat (pathname, &buf); - if (-1 != retval) - retval = true; - else - retval = false; - - return retval; + return faccessat(AT_FDCWD, pathname, F_OK, AT_SYMLINK_NOFOLLOW) == 0; } bool |