diff options
Diffstat (limited to 'libsandbox/pre_check_openat.c')
| -rw-r--r-- | libsandbox/pre_check_openat.c | 15 |
1 files changed, 3 insertions, 12 deletions
diff --git a/libsandbox/pre_check_openat.c b/libsandbox/pre_check_openat.c index 8cf8133..8fd3b23 100644 --- a/libsandbox/pre_check_openat.c +++ b/libsandbox/pre_check_openat.c @@ -12,24 +12,15 @@ bool sb_openat_pre_check(const char *func, const char *pathname, int dirfd, int flags) { - /* If we're not trying to create, fail normally if - * file does not stat - */ + /* If we're not trying to create, fail normally if file does not stat */ if (flags & O_CREAT) return true; save_errno(); - /* Check incoming args against common *at issues */ - char dirfd_path[SB_PATH_MAX]; - if (!sb_common_at_pre_check(func, &pathname, dirfd, dirfd_path, sizeof(dirfd_path))) - return false; - /* Doesn't exist -> skip permission checks */ - struct stat st; - if (((flags & O_NOFOLLOW) ? lstat(pathname, &st) : stat(pathname, &st)) == -1) { - sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", - func, pathname, strerror(errno)); + if (faccessat(dirfd, pathname, F_OK, (flags & O_NOFOLLOW) ? AT_SYMLINK_NOFOLLOW : 0) == -1) { + sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", func, pathname, strerror(errno)); return false; } |