Priv-sep: Don't trust client args for REMOUNT_RO_NO_RECURSIVE

The REMOUNT_RO_NO_RECURSIVE implementation should *always* use BIND_READONLY for flags, and NULL for source, ignoring what the untrusted client sent.
2016-11-07 12:42:38 +01:00
parent 6d6cd0958c
commit 10bafea007
1 changed files with 2 additions and 2 deletions
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -573,8 +573,8 @@ privileged_op (int         privileged_op_socket,
      break;

    case PRIV_SEP_OP_REMOUNT_RO_NO_RECURSIVE:
-      if (bind_mount (proc_fd, arg1, arg2, flags) != 0)
-        die_with_error ("Can't bind mount %s on %s", arg1, arg2);
+      if (bind_mount (proc_fd, NULL, arg2, BIND_READONLY) != 0)
+        die_with_error ("Can't remount readonly on %s", arg2);
      break;

    case PRIV_SEP_OP_BIND_MOUNT: