View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000254 | file | General | public | 2021-03-31 21:40 | 2021-10-28 15:35 |
Reporter | thesamesam | Assigned To | christos |
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed |
Summary | 0000254: Warn when incompatible options -S (seccomp) and -z (uncompress) are used together |
Description | When using seccomp filtering with file (-S), file will crash with a "bad system call" error if additionally called with uncompress (-z) on a zip file. This is documented in the man page:

> SECURITY
> On systems where libseccomp (https://github.com/seccomp/libseccomp) is available, file is enforces limiting system calls to only the ones necessary for the operation of the program. This enforcement does not provide any security benefit when file is asked to decompress input files running external programs with the -z option. To enable execution of external decompressors, one needs to disable sandboxing using the -S flag.

Could file instead warn / error out on these incompatible options being used together, rather than leaving it to the filter to kill file?

Additional Information | (First noticed downstream in Gentoo after a user reported an issue with mc (midnight commander): https://bugs.gentoo.org/776988. Reported upstream to mc here: https://midnight-commander.org/ticket/4219. Seems to have been fixed here: https://github.com/MidnightCommander/mc/commit/1ed638d66cf803f69ac12ee80a72d217f2146e43). |
Tags | No tags attached. |
|
That's kind of hard to do because by the time you've analyzed the file and determined you need to fork (which is not usually the case if you have built-in decompressors), it is probably too late. For example it could be that you've already processed a bunch of other files. I guess you can just disable forking and not decompress, but that would violate POLA. |
|
Can't/won't fix. |
Date Modified | Username | Field | Change |
---|---|---|---|
2021-03-31 21:40 | thesamesam | New Issue | |
2021-04-19 16:53 | christos | Assigned To | => christos |
2021-04-19 16:53 | christos | Status | new => assigned |
2021-04-19 16:56 | christos | Status | assigned => feedback |
2021-04-19 16:56 | christos | Note Added: 0003588 | |
2021-10-28 15:35 | christos | Status | feedback => closed |
2021-10-28 15:35 | christos | Resolution | open => fixed |
2021-10-28 15:35 | christos | Note Added: 0003656 |
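
A caller-side check for the failure this issue describes, as an added example that is not part of the report, of file, or of mc: the wrapper runs the command it is given and, when the child dies of SIGSYS (the "bad system call" kill), records whether -z was on the command line. `killed_by_sigsys`, `run_file_checked` and `FILE_DIAG` are hypothetical names, and the `sh -c` child in the demo is a constructed stand-in for file.

```shell
#!/bin/sh
# Added example, not code from file(1) or mc. All function and variable
# names here are hypothetical.

# True (0) when exit status $1 means "child was killed by SIGSYS".
killed_by_sigsys() {
    # POSIX shells report death by signal as a status above 128.
    [ "$1" -gt 128 ] || return 1
    # kill -l maps the number back to a name, so the SIGSYS number
    # (31 on most Linux ports, but not all) is not hard-coded.
    ks_name=$(kill -l "$(($1 - 128))" 2>/dev/null) || return 1
    [ "$ks_name" = "SYS" ]
}

# Run "$@" (normally: file <options> <paths>), pass its exit status
# through, and set FILE_DIAG to one of:
#   none | sigsys | sigsys-with-uncompress
run_file_checked() {
    rf_wants_z=no
    for rf_arg in "$@"; do
        # Simplification: only a standalone -z / --uncompress is
        # recognised, not -z bundled with other short options.
        case $rf_arg in
            -z|--uncompress) rf_wants_z=yes ;;
        esac
    done
    rf_status=0
    "$@" || rf_status=$?
    FILE_DIAG=none
    if killed_by_sigsys "$rf_status"; then
        FILE_DIAG=sigsys
        if [ "$rf_wants_z" = yes ]; then
            FILE_DIAG=sigsys-with-uncompress
            echo "killed by SIGSYS (likely the seccomp filter) with -z set;" \
                 "the man page says external decompressors need -S" >&2
        else
            echo "command was killed by SIGSYS (bad system call)" >&2
        fi
    fi
    return "$rf_status"
}

# Demo with a constructed stand-in for file: a child that raises SIGSYS
# on itself, as a seccomp kill would. "fake-file" is only the child's $0.
run_file_checked sh -c 'kill -s SYS $$' fake-file -z sample.zip || true
echo "diagnosis: $FILE_DIAG"
```

The exit status of the wrapped command is passed through unchanged, so callers that already test file's status keep working and can consult `FILE_DIAG` only when they want the reason.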