From a6bfc9f3c44c6b4421d5a7b1d872411583a5cffa Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones"
Date: Sat, 11 Dec 2010 23:35:18 +0000
Subject: [PATCH] appliance: Don't set utime on cachedir until we know it is safe.

This could be used to touch an arbitrary file (albeit one which must already exist), and this could have been a security problem.
---
 src/appliance.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/appliance.c b/src/appliance.c
index 30eb6fd..1b6b505 100644
--- a/src/appliance.c
+++ b/src/appliance.c
@@ -320,7 +320,6 @@ check_for_cached_appliance (guestfs_h *g,
 snprintf (filename, len, "%s/checksum", cachedir);

 (void) mkdir (cachedir, 0755);
- (void) utime (cachedir, NULL);

 /* See if the cache directory exists and passes some simple checks
 * to make sure it has not been tampered with.
@@ -344,6 +343,8 @@ check_for_cached_appliance (guestfs_h *g,
 return -1;
 }

+ (void) utime (cachedir, NULL);
+
 garbage_collect_appliances (cachedir);

 /* Try to open and acquire a lock on the checksum file. */
--
1.8.3.1
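Review bot: The relocated `(void) utime (cachedir, NULL);` in the second hunk still resolves `cachedir` by name a second time, so the object the preceding tamper checks verified can differ from the one that gets touched if the path is replaced in between; this matters only if the parent directory is writable by other users, which the hunk does not show. A more robust shape is to open the directory once, run the checks on the descriptor with `fstat`, and update the times through it with `futimens (fd, NULL);`. At minimum, a comment such as `/* Touch cachedir only after the tamper checks above have passed. */` would keep the call from drifting back above the checks. check_for_cached_appliance starts and ends outside both hunks, so the checks themselves are not visible here.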