btrfs: reduce permissions on plugin directories

Disallow traversal into directories that may contain
unpacked or mounted image filesystems.

Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Samuel Karp <skarp@amazon.com>
Derek McGowan 2021-09-15 17:57:13 -07:00 committed by Samuel Karp
parent 6886c6a2ec
commit 7c621e1fcc
No known key found for this signature in database
GPG Key ID: 7F8CDFDD70CC3D44


@ -51,11 +51,15 @@ type snapshotter struct {
// root needs to be a mount point of btrfs. // root needs to be a mount point of btrfs.
func NewSnapshotter(root string) (snapshots.Snapshotter, error) { func NewSnapshotter(root string) (snapshots.Snapshotter, error) {
// If directory does not exist, create it // If directory does not exist, create it
if _, err := os.Stat(root); err != nil { if st, err := os.Stat(root); err != nil {
if !os.IsNotExist(err) { if !os.IsNotExist(err) {
return nil, err return nil, err
} }
if err := os.Mkdir(root, 0755); err != nil { if err := os.Mkdir(root, 0700); err != nil {
return nil, err
}
} else if st.Mode()&os.ModePerm != 0700 {
if err := os.Chmod(root, 0700); err != nil {
return nil, err return nil, err
} }
} }
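Review bot: The new `else if st.Mode()&os.ModePerm != 0700` branch tightens an existing root on mode bits alone; it does not check `st.IsDir()` or who owns the path, so a pre-existing root that is a regular file, or one owned by an unexpected account, is accepted once it reads 0700. Consider rejecting a non-directory before the chmod, for example `if !st.IsDir() { return nil, fmt.Errorf("%s is not a directory", root) }` (assuming `fmt` is already imported in this file, which the hunk does not show). Whether an ownership check is also warranted depends on which user the snapshotter runs as, which is not visible here. The leading comment `// If directory does not exist, create it` no longer covers the chmod path; something like `// Create root with 0700, or tighten an existing root to 0700, so other users cannot traverse into unpacked snapshot contents` would record why the mode matters. NewSnapshotter continues past the end of the hunk.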