File flatpak-CVE-2024-42472-part03-6bd603f6.patch of Package flatpak

Overview Repositories Revisions Requests Users Attributes Meta

File flatpak-CVE-2024-42472-part03-6bd603f6.patch of Package flatpak

From 6bd603f6836e9b38b9b937d3b78f3fbf36e7ff75
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 18 Jun 2024 11:31:05 +0200
Subject: [PATCH] persist directories: Pass using new bwrap --bind-fd option
References: CVE-2024-42472
References: bsc#1229157
Upstream: Backport from upstream

Instead of passing a /proc/self/fd bind mount we use --bind-fd, which
has two advantages:
 * bwrap closes the fd when used, so it doesn't leak into the started app
 * bwrap ensures that what was mounted was the passed in fd (same dev/ino),
   as there is a small (required) gap between symlink resolve and mount
   where the target path could be replaced.

Please note that this change requires an updated version of bubblewrap.

Resolves: CVE-2024-42472, GHSA-7hgv-f2j8-xw87
[smcv: Make whitespace consistent]
Co-authored-by: Simon McVittie <smcv@collabora.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 common/flatpak-context.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- flatpak-1.12.8/common/flatpak-context.c
+++ flatpak-1.12.8_new/common/flatpak-context.c
@@ -2813,10 +2813,10 @@
               continue;
             }
 
-          g_autofree char *src_via_proc = g_strdup_printf ("/proc/self/fd/%d", src_fd);
+          g_autofree char *src_via_proc = g_strdup_printf ("%d", src_fd);
 
           flatpak_bwrap_add_fd (bwrap, g_steal_fd (&src_fd));
-          flatpak_bwrap_add_bind_arg (bwrap, "--bind", src_via_proc, dest);
+          flatpak_bwrap_add_bind_arg (bwrap, "--bind-fd", src_via_proc, dest);
         }
     }

Places

File flatpak-CVE-2024-42472-part03-6bd603f6.patch of Package flatpak

Places