src/rc/checkpath.c: replace mkdir() with mkdirat().

The do_check() function recently gained some defenses against symlink replacement attacks that involve the use of *at functions in place of their vanilla counterparts; openat() instead of open(), for example. One opportunity to replace mkdir() with mkdirat() was missed, however, and this commit replaces it. This fixes #386.
2020-11-25 07:15:50 -05:00 · 2020-11-25 07:15:50 -05:00 · 00ea216608
commit 00ea216608
parent ac7ca6d901
1 changed files with 2 additions and 2 deletions
--- a/src/rc/checkpath.c
+++ b/src/rc/checkpath.c
@ -197,10 +197,10 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
 				mode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
 			u = umask(0);
 			/* We do not recursively create parents */
-			r = mkdir(path, mode);
+			r = mkdirat(dirfd, name, mode);
 			umask(u);
 			if (r == -1 && errno != EEXIST) {
-				eerror("%s: mkdir: %s", applet,
+				eerror("%s: mkdirat: %s", applet,
 				    strerror (errno));
 				return -1;
 			}