diff options
| author | Nick Kralevich <nnk@google.com> | 2012-02-09 11:22:33 -0800 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2012-02-09 11:22:33 -0800 |
| commit | 4ae77160727f8b92d61028269d1f49ae16873a08 (patch) | |
| tree | 716d19efd5f954333b6b4f988824809795c7dd90 /run-as | |
| parent | a8185a622e368d1957e18a3ee9d29d45eda12cfc (diff) | |
| download | system_core-4ae77160727f8b92d61028269d1f49ae16873a08.zip system_core-4ae77160727f8b92d61028269d1f49ae16873a08.tar.gz system_core-4ae77160727f8b92d61028269d1f49ae16873a08.tar.bz2 | |
do more checks on packages.list
Change-Id: I16d6eab5e674c860be915fde2da7877994bed314
Diffstat (limited to 'run-as')
| -rw-r--r-- | run-as/package.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/run-as/package.c b/run-as/package.c index 8f11646..143d647 100644 --- a/run-as/package.c +++ b/run-as/package.c @@ -89,6 +89,16 @@ map_file(const char* filename, size_t* filesize) if (ret < 0) goto EXIT; + /* Ensure that the file is owned by the system user */ + if ((st.st_uid != AID_SYSTEM) || (st.st_gid != AID_SYSTEM)) { + goto EXIT; + } + + /* Ensure that the file has sane permissions */ + if ((st.st_mode & S_IWOTH) != 0) { + goto EXIT; + } + /* Ensure that the size is not ridiculously large */ length = (size_t)st.st_size; if ((off_t)length != st.st_size) { |