Control: tags -1 + patch

On Mon, Jan 02, 2023 at 03:17:06PM +0100, Jakub Wilk wrote:
> It's not documented in any obvious place, but it's actually possible to
> persuade mount(2) not to follow symlinks. See my proof of concept code here:
> https://github.com/jwilk/symount

Using this methodology makes for an easy patch, attached.

Best,
Try to bind-mount over /bin/sh instead of over $(realpath /bin/sh) first

Also, use the new canonical name for bash.

Bug-Debian: https://bugs.debian.org/762759
Forwarded: no
Last-Update: 2024-10-17

--- switchsh-0~20070801.orig/switchsh.c
+++ switchsh-0~20070801/switchsh.c
@@ -105,8 +105,19 @@ int main(int argc, char *argv[])
     }
 #endif
 
+    char *bashpath = "/usr/bin/bash";
+    int bashfd = open(bashpath, O_PATH | O_NOFOLLOW | O_CLOEXEC);
+    if (bashfd != -1)
+        asprintf(&bashpath, "/proc/self/fd/%d", bashfd);
+
+    char *shpath = "/bin/sh";
+    int shfd = open(shpath, O_PATH | O_NOFOLLOW | O_CLOEXEC);
+    if (shfd != -1)
+        asprintf(&shpath, "/proc/self/fd/%d", shfd);
+
     if ((mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) ||
-        (mount("/bin/bash", "/bin/sh", NULL, MS_BIND, NULL) < 0)) {
+        ((mount(bashpath, shpath, NULL, MS_BIND, NULL) < 0) &&
+         (mount("/usr/bin/bash", "/bin/sh", NULL, MS_BIND, NULL) < 0))) {
        if (errno == EPERM)
            err_quit("This program must be setuid root!");
        err_sys("mount");
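
Review bot: The two asprintf() calls, after the bashfd and shfd opens, ignore their return value. On failure glibc leaves the target pointer undefined, and this program (which per its own error message runs setuid root) would then hand that pointer to mount(). Check the result and bail out, for example `if (asprintf(&shpath, "/proc/self/fd/%d", shfd) < 0) err_sys("asprintf");`, and do the same for bashpath. A second point on the mount() condition: the fallback with the literal paths "/usr/bin/bash" and "/bin/sh" runs after any failure of the first attempt, so it silently goes back to resolving a /bin/sh symlink, and the `errno == EPERM` test only ever sees the error from the second call. Consider limiting the fallback to the case where the O_PATH opens failed, or at least reporting that the no-follow attempt did not succeed.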
