minijail: Apply nosymfollow to /tmp

Symlinks can be used in the /tmp folder to trick crash_reporter into
deleting arbitrary files.

Mount the /tmp folder with the nosymfollow flag to prevent an attacker with
write access to /tmp from confusing and redirecting code that uses
/tmp.

BUG=b:240740514
TEST=verify that /tmp is mounted with nosymfollow using the command:
minijail0 -vt -P /mnt/empty -b / -k none,/proc,proc -- /bin/mount | grep /tmp

Cq-Depend: chromium:3852284
Change-Id: Ic991a0673cbaae21bd51ba18bccd049765bdab52
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/minijail/+/3841218
Tested-by: Ryan Borzello <[email protected]>
Commit-Queue: Ryan Borzello <[email protected]>
Reviewed-by: Jorge Lucangeli Obes <[email protected]>
diff --git a/util.h b/util.h
index 4c65bc2..0b1aecf 100644
--- a/util.h
+++ b/util.h
@@ -230,6 +230,15 @@
 #endif
 }
 
+static inline bool block_symlinks_in_noninit_mountns_tmp(void)
+{
+#if defined(BLOCK_SYMLINKS_IN_NONINIT_MOUNTNS_TMP)
+	return true;
+#else
+	return false;
+#endif
+}
+
 static inline size_t get_num_syscalls(void)
 {
 	return syscall_table_size;
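
Review bot: the new block_symlinks_in_noninit_mountns_tmp() helper in util.h has no comment saying what sets BLOCK_SYMLINKS_IN_NONINIT_MOUNTNS_TMP or what a caller is expected to do when it returns true. Because the `#else` branch compiles to `return false;`, a build that omits the define silently leaves /tmp without nosymfollow. Suggest a short comment above the function that names the build option defining the macro and states that it gates mounting /tmp with nosymfollow in a non-init mount namespace. The TEST line in the commit message only covers the enabled case, so it would also help to state the expected mount output when the macro is undefined.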