Google Git
Sign in
chromium / chromiumos / third_party / upstart / refs/heads/stabilize-15083.B
commit2a2330a6114bef0a5c5bff7afe0d32a911b3f774[log] [tgz]
authorRyan Borzello <rborzello@google.com>Fri Jul 22 18:14:31 2022
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>Fri Jul 29 20:28:35 2022
tree95c15347cb950a58dd52c1b26300175f69ff1119
parent0df2bb39614c758c8abf3d4d6de6f81be74c8314 [diff]
upstart: Apply nosymfollow to /tmp

Symlinks can be used in the /tmp folder to trick crash_reporter into
deleting arbitrary files.

Mount the /tmp folder with nosymfollow flag to prevent an attacker with
write access to /tmp from confusing and redirecting code that uses
/tmp.

BUG=b:235148382
TEST=verify that /tmp remounted with nosymfollow

Cq-Depend: chromium:3785359
Change-Id: I031fed6c6917228a2141da3fce7f5bc44b8ad670
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/upstart/+/3783196
Reviewed-by: Jason Ling <jasonling@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Ryan Borzello <rborzello@chromium.org>
Reviewed-by: Sarthak Kukreti <sarthakkukreti@chromium.org>
Tested-by: Ryan Borzello <rborzello@chromium.org>
Owners-Override: Andres Calderon Jaramillo <andrescj@google.com>
1 file changed
tree: 95c15347cb950a58dd52c1b26300175f69ff1119
  1. conf/
  2. contrib/
  3. dbus/
  4. doc/
  5. extra/
  6. init/
  7. po/
  8. util/
  9. .bzrignore
  10. AUTHORS
  11. ChangeLog
  12. configure.ac
  13. COPYING
  14. HACKING
  15. Makefile.am
  16. NEWS
  17. OWNERS
  18. PRESUBMIT.cfg
  19. README
  20. TODO