From: Michael Orlitzky
Date: Wed, 28 Feb 2018 22:33:17 +0000 (-0500)
Subject: Eliminate the last bit of pathname usage.
X-Git-Tag: v0.1.5~2
X-Git-Url: https://gitweb.michael.orlitzky.com/?a=commitdiff_plain;h=9cf74aa49835a8309bdc1d9e12afe1925003f141;hp=9cf74aa49835a8309bdc1d9e12afe1925003f141;p=apply-default-acl.git

Eliminate the last bit of pathname usage.

A lot of work has been done recently to make apply-default-acl safe
from symlink and hardlink attacks. A big part of that work was the
recent switch to using file descriptors instead of pathnames; but,
pathnames still lingered in a few places due to a shortcoming in
libacl.

Through the use of a new function, acl_copy_xattr(), I've finally
eliminated those last few bits. The apply_default_acl_ex() function
now uses path names only as arguments to safe_open(), which hopefully
is safe. Afterwards, the file descriptors obtained from safe_open()
are used.

Thus the hard and symlink attacks should finally be fixed, modulo a
tiny race condition between safe_open() and fstat() that has no known
solution.

These changes rely on the Linux xattr implementation and kill our
portability, but I don't think we ever had any to begin with.
---
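The pattern the commit message describes (the pathname is used once, to open, and every later check goes through the descriptor) can be illustrated as follows. This is an added example, not code from this commit or from apply-default-acl: `open_checked()` and `demo_case()` are hypothetical names, the link-count policy is an assumption, and this is not the project's `safe_open()`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not the project's safe_open(). Opens path, then vets
 * the object through the descriptor. Returns an fd, or -1 with errno set. */
int open_checked(const char *path) {
  /* O_NOFOLLOW: ELOOP if the last component is a symlink (intermediate
   * directories are not covered). O_NONBLOCK: never hang on a FIFO. */
  int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
  if (fd == -1) return -1;
  struct stat st;
  int err = 0;
  /* fstat() describes the inode actually opened, whatever the name now
   * points to; a second stat(path) could be answered by a swapped file. */
  if (fstat(fd, &st) == -1) err = errno;
  else if (!S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode)) err = EINVAL;
  /* Assumed policy: extra names on a regular file may be planted hard
   * links. The count can still change after this check. */
  else if (S_ISREG(st.st_mode) && st.st_nlink > 1) err = EMLINK;
  if (err) { close(fd); errno = err; return -1; }
  return fd;
}

/* Constructed fixture. kind 0: plain file, 1: symlink to it, 2: file with a
 * second hard link. Returns 0 if accepted, else the errno of the refusal. */
int demo_case(int kind) {
  char dir[] = "/tmp/fdchk-XXXXXX", f[64], l[64];
  if (!mkdtemp(dir)) return -1;
  snprintf(f, sizeof f, "%s/file", dir);
  snprintf(l, sizeof l, "%s/link", dir);
  int fd = open(f, O_CREAT | O_EXCL | O_WRONLY, 0600);
  if (fd == -1) return -1;
  close(fd);
  if (kind == 1 && symlink(f, l) == -1) return -1;
  if (kind == 2 && link(f, l) == -1) return -1;
  fd = open_checked(kind == 1 ? l : f);
  int result = (fd == -1) ? errno : 0;
  if (fd != -1) close(fd);
  unlink(l); unlink(f); rmdir(dir);
  return result;
}

int main(void) {
  for (int k = 0; k < 3; k++) printf("case %d -> %d\n", k, demo_case(k));
  return 0;
}
```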