Skip to content

Commit a5ea9f0

Browse files
jnorelljnorell
committed
sanity check to prevent operating on root directory
1 parent 79ae1af commit a5ea9f0

File tree

1 file changed

+36
-0
lines changed

1 file changed

+36
-0
lines changed

server/lib/classes/system.inc.php

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -942,6 +942,12 @@ function move($file1, $file2) {
942942
}
943943

944944
function rmdir($dir, $recursive=false) {
945+
// Disallow operating on root directory
946+
if(realpath($dir) == '/') {
947+
$app->log("rmdir: afraid I might delete root: $dir", LOGLEVEL_WARN);
948+
return false;
949+
}
950+
945951
$dir = rtrim($dir, '/');
946952
if (is_dir($dir)) {
947953
$objects = array_diff(scandir($dir), array('.', '..'));
@@ -2219,6 +2225,12 @@ public function system_safe($cmd) {
22192225
}
22202226

22212227
public function create_jailkit_user($username, $home_dir, $user_home_dir, $shell = '/bin/bash', $p_user = null, $p_user_home_dir = null) {
2228+
// Disallow operating on root directory
2229+
if(realpath($home_dir) == '/') {
2230+
$app->log("create_jailkit_user: invalid home_dir: $home_dir", LOGLEVEL_WARN);
2231+
return false;
2232+
}
2233+
22222234
// Check if USERHOMEDIR already exists
22232235
if(!is_dir($home_dir . '/.' . $user_home_dir)) {
22242236
$this->mkdirpath($home_dir . '/.' . $user_home_dir, 0755, $username);
@@ -2242,6 +2254,12 @@ public function create_jailkit_user($username, $home_dir, $user_home_dir, $shell
22422254
}
22432255

22442256
public function create_jailkit_chroot($home_dir, $app_sections = array(), $options = array()) {
2257+
// Disallow operating on root directory
2258+
if(realpath($home_dir) == '/') {
2259+
$app->log("create_jailkit_chroot: invalid home_dir: $home_dir", LOGLEVEL_WARN);
2260+
return false;
2261+
}
2262+
22452263
if(!is_dir($home_dir)) {
22462264
$app->log("create_jailkit_chroot: jail directory does not exist: $home_dir", LOGLEVEL_WARN);
22472265
return false;
@@ -2292,6 +2310,12 @@ public function create_jailkit_chroot($home_dir, $app_sections = array(), $optio
22922310
}
22932311

22942312
public function create_jailkit_programs($home_dir, $programs = array(), $options = array()) {
2313+
// Disallow operating on root directory
2314+
if(realpath($home_dir) == '/') {
2315+
$app->log("create_jailkit_programs: invalid home_dir: $home_dir", LOGLEVEL_WARN);
2316+
return false;
2317+
}
2318+
22952319
if(!is_dir($home_dir)) {
22962320
$app->log("create_jailkit_programs: jail directory does not exist: $home_dir", LOGLEVEL_WARN);
22972321
return false;
@@ -2352,6 +2376,12 @@ public function create_jailkit_programs($home_dir, $programs = array(), $options
23522376
}
23532377

23542378
public function update_jailkit_chroot($home_dir, $sections = array(), $programs = array(), $options = array()) {
2379+
// Disallow operating on root directory
2380+
if(realpath($home_dir) == '/') {
2381+
$app->log("update_jailkit_chroot: invalid home_dir: $home_dir", LOGLEVEL_WARN);
2382+
return false;
2383+
}
2384+
23552385
if(!is_dir($home_dir)) {
23562386
$app->log("update_jailkit_chroot: jail directory does not exist: $home_dir", LOGLEVEL_WARN);
23572387
return false;
@@ -2496,6 +2526,12 @@ public function update_jailkit_chroot($home_dir, $sections = array(), $programs
24962526
}
24972527

24982528
public function delete_jailkit_chroot($home_dir) {
2529+
// Disallow operating on root directory
2530+
if(realpath($home_dir) == '/') {
2531+
$app->log("delete_jailkit_chroot: invalid home_dir: $home_dir", LOGLEVEL_WARN);
2532+
return false;
2533+
}
2534+
24992535
if(!is_dir($home_dir)) {
25002536
$app->log("delete_jailkit_chroot: jail directory does not exist: $home_dir", LOGLEVEL_DEBUG);
25012537
return false;

0 commit comments

Comments
 (0)