View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000254 | file | General | public | 2021-03-31 21:40 | 2021-10-28 15:35 |
| Reporter | thesamesam | Assigned To | christos | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Summary | 0000254: Warn when incompatible options -S (seccomp) and -z (uncompress) are used together | ||||
| Description | When using seccomp filtering with file (-S), file will crash with a "bad system call" error if additionally called with uncompress (-z) on a zip file. This is documented in the man page: >SECURITY > On systems where libseccomp (https://github.com/seccomp/libseccomp) is available, file is enforces limiting system calls to only the ones necessary for >the operation of > the program. This enforcement does not provide any security benefit when file is asked to decompress input files running external programs with the -z >option. To enable > execution of external decompressors, one needs to disable sandboxing using the -S flag. Could file instead warn / error out on these incompatible options being used together, rather than leaving it to the filter to kill file? | ||||
| Additional Information | (First noticed downstream in Gentoo after a user reported an issue with mc (midnight commander): https://bugs.gentoo.org/776988. Reported upstream to mc here: https://midnight-commander.org/ticket/4219. Seems to have been fixed here: https://github.com/MidnightCommander/mc/commit/1ed638d66cf803f69ac12ee80a72d217f2146e43). | ||||
| Tags | No tags attached. | ||||
|
|
That's kind of hard to do because by the time you've analyzed the file and determined you need to fork (which is not usually the case if you have built-in decompressors), it is probably too late. For example it could be that you've already processed a bunch of other files. I guess you can just disable forking and not decompress, but that would violate POLA. |
|
|
Can't/won't fix. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-03-31 21:40 | thesamesam | New Issue | |
| 2021-04-19 16:53 | christos | Assigned To | => christos |
| 2021-04-19 16:53 | christos | Status | new => assigned |
| 2021-04-19 16:56 | christos | Status | assigned => feedback |
| 2021-04-19 16:56 | christos | Note Added: 0003588 | |
| 2021-10-28 15:35 | christos | Status | feedback => closed |
| 2021-10-28 15:35 | christos | Resolution | open => fixed |
| 2021-10-28 15:35 | christos | Note Added: 0003656 |
