View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000254||file||[All Projects] General||public||2021-03-31 21:40||2021-10-28 15:35|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||Fixed in Version|
|Summary||0000254: Warn when incompatible options -S (seccomp) and -z (uncompress) are used together|
|Description||When using seccomp filtering with file (-S), file will crash with a "bad system call" error if additionally called with uncompress (-z) on a zip file. This is documented in the man page:|
> On systems where libseccomp (https://github.com/seccomp/libseccomp) is available, file enforces limiting system calls to only the ones necessary for the operation of
> the program. This enforcement does not provide any security benefit when file is asked to decompress input files running external programs with the -z option. To enable
> execution of external decompressors, one needs to disable sandboxing using the -S flag.
Could file instead warn / error out on these incompatible options being used together, rather than leaving it to the filter to kill file?
|Additional Information||(First noticed downstream in Gentoo after a user reported an issue with mc (midnight commander): https://bugs.gentoo.org/776988.|
Reported upstream to mc here: https://midnight-commander.org/ticket/4219.
Seems to have been fixed here: https://github.com/MidnightCommander/mc/commit/1ed638d66cf803f69ac12ee80a72d217f2146e43).
|Tags||No tags attached.|
||That's kind of hard to do because by the time you've analyzed the file and determined you need to fork (which is not usually the case if you have built-in decompressors), it is probably too late. For example it could be that you've already processed a bunch of other files. I guess you can just disable forking and not decompress, but that would violate POLA.|
|2021-03-31 21:40||thesamesam||New Issue|
|2021-04-19 16:53||christos||Assigned To||=> christos|
|2021-04-19 16:53||christos||Status||new => assigned|
|2021-04-19 16:56||christos||Status||assigned => feedback|
|2021-04-19 16:56||christos||Note Added: 0003588|
|2021-10-28 15:35||christos||Status||feedback => closed|
|2021-10-28 15:35||christos||Resolution||open => fixed|
|2021-10-28 15:35||christos||Note Added: 0003656|
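A caller-side diagnostic for the failure discussed in this issue, as an added example that is not code from file, mc or this tracker: it runs a command, recognises termination by SIGSYS (what the shell reports as "bad system call" when a seccomp filter kills the process), and checks whether the arguments asked for decompression without `-S`. The function names are hypothetical; the option letters are those listed in file(1).

```python
import signal
import subprocess
import sys

# Short options of file(1) that take an argument (per its man page); the
# remainder of an option cluster after one of these is that argument.
_OPTS_WITH_ARG = set("eFfmP")


def wants_decompress_in_sandbox(args):
    """True if args request -z/-Z (decompress) without -S (disable sandbox)."""
    decompress = no_sandbox = False
    it = iter(args)
    for arg in it:
        if arg == "--":                      # everything after is a file name
            break
        if arg in ("--uncompress", "--uncompress-noreport"):
            decompress = True
        elif arg == "--no-sandbox":
            no_sandbox = True
        elif arg.startswith("-") and not arg.startswith("--") and len(arg) > 1:
            for i, ch in enumerate(arg[1:], 1):
                if ch in "zZ":
                    decompress = True
                elif ch == "S":
                    no_sandbox = True
                elif ch in _OPTS_WITH_ARG:
                    if i == len(arg) - 1:
                        next(it, None)       # argument is the next word
                    break
    return decompress and not no_sandbox


def run_and_explain(cmd):
    """Run cmd; return (returncode, diagnostic string or None)."""
    proc = subprocess.run(cmd, capture_output=True, text=True)
    if proc.returncode != -signal.SIGSYS:    # negative value = killed by signal
        return proc.returncode, None
    if wants_decompress_in_sandbox(cmd[1:]):
        return proc.returncode, ("killed by SIGSYS (bad system call): -z/-Z was "
                                 "used with the seccomp sandbox active; see -S")
    return proc.returncode, "killed by SIGSYS: syscall rejected by a filter"


if __name__ == "__main__":
    code, why = run_and_explain(["file"] + sys.argv[1:])
    if why:
        print(why, file=sys.stderr)
    sys.exit(1 if code < 0 else code)
```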