[Rpm-maint] [rpm-software-management/rpm] Fix install of block and character special files (#2195, #2275) (PR #2349)

Panu Matilainen notifications at github.com
Fri Jan 13 08:03:59 UTC 2023


While it's possible to open special files, they are, well, special and have "side-effects" also known as, ahem, semantics. Opening a device file in Unix means accessing that *device*, and FIFOs have their own semantics. In other words, for rpm's purposes, we should never EVER open these files as a part of the install / permission setting etc. Fix this major brainfart in 25a435e90844ea98fe5eb7bef22c1aecf3a9c033.

OTOH this forces us back to the less secure path-based operations for these files, which is what we were trying to avoid in the first place. There always was a tiny race between create + open for these (because there's no atomic way to create + open anything but regular files) but this opens up the window quite a bit.
Nobody should be placing device nodes in user-owned directories but FIFOs may be a different story.

We haven't had tests for device nodes because it requires privileges the test-suite usually doesn't have; not testing FIFOs I have no excuse for. Add that test now.

Fixes: #2195, #2275
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/2349

-- Commit Summary --

  * Fix install of block and character special files (#2195, #2275)

-- File Changes --

    M lib/fsm.c (4)
    M tests/populate (2)
    M tests/rpmi.at (15)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/2349.patch
https://github.com/rpm-software-management/rpm/pull/2349.diff


Message ID: <rpm-software-management/rpm/pull/2349 at github.com>
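The trade-off described in the message above, as an added example that is not rpm's code and not part of this PR: a FIFO is created and given its final mode without ever being opened, using directory-relative, path-based calls that still leave a window between the type check and the chmod, and a second function shows what `open()` on that FIFO actually does. The names `install_fifo` and `fifo_open_errno` and the `/tmp` scratch directory are assumptions made for the illustration; Linux with POSIX.1-2008 `*at()` calls is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create FIFO `name` under the open directory `dirfd`
 * and set its mode without ever open()ing the FIFO. Returns 0 or -errno. */
int install_fifo(int dirfd, const char *name, mode_t mode)
{
    struct stat sb;
    /* Mode 0 until the final chmod; EEXIST if something is already there. */
    if (mkfifoat(dirfd, name, 0) != 0)
        return -errno;
    /* lstat-style re-check: refuse if the entry is no longer a FIFO. */
    if (fstatat(dirfd, name, &sb, AT_SYMLINK_NOFOLLOW) != 0)
        return -errno;
    if (!S_ISFIFO(sb.st_mode))
        return -EINVAL;
    /* Still path-based: a window remains between the check and the chmod. */
    if (fchmodat(dirfd, name, mode & 07777, 0) != 0)
        return -errno;
    return 0;
}

/* What open() on the FIFO does: a non-blocking write-open with no reader
 * fails with ENXIO (a blocking one would hang). Returns errno, 0 if opened. */
int fifo_open_errno(int dirfd, const char *name)
{
    int fd = openat(dirfd, name, O_WRONLY | O_NONBLOCK);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

int main(void)
{
    char tmpl[] = "/tmp/fifo-demo-XXXXXX";   /* constructed scratch directory */
    int dfd = mkdtemp(tmpl) ? open(tmpl, O_RDONLY | O_DIRECTORY) : -1;
    if (dfd < 0) return 1;
    printf("install: %d\n", install_fifo(dfd, "pipe", 0640));
    printf("open errno: %d (ENXIO is %d)\n", fifo_open_errno(dfd, "pipe"), ENXIO);
    unlinkat(dfd, "pipe", 0);
    close(dfd);
    return rmdir(tmpl) != 0;
}
```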