mirror of
https://github.com/flatpak/flatpak.git
synced 2026-02-19 15:15:51 -05:00
Follow-up to the previous commit to use `O_TMPFILE`; for the cases here what we really want is to use sealed memfds. This ensures the container can't mutate the data we pass.

Now, the args fd I was looking at turned out to be a bwrap bug, but this is a good example of the mitigation:

```
$ flatpak run --command="/bin/sh" org.test.Hello
ls -al /proc/$$/fd
total 0
dr-x------. 2 1000 1000  0 Oct  1 16:43 .
dr-xr-xr-x. 9 1000 1000  0 Oct  1 16:43 ..
lrwx------. 1 1000 1000 64 Oct  1 16:43 0 -> /dev/pts/2
lrwx------. 1 1000 1000 64 Oct  1 16:43 1 -> /dev/pts/2
lrwx------. 1 1000 1000 64 Oct  1 16:43 2 -> /dev/pts/2
lrwx------. 1 1000 1000 64 Oct  1 16:43 255 -> /dev/pts/2
lrwx------. 1 1000 1000 64 Oct  1 16:43 9 -> /memfd:bwrap-args (deleted)
org.test.Hello$ echo foo > /proc/self/fd/9
sh: /proc/self/fd/9: Operation not permitted
```

Closes: #1064
Approved by: alexlarsson
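The mechanism behind that `Operation not permitted` is the memfd seal set. The following is an added illustration written for this page, not flatpak's or bwrap's own code: it builds a memfd the way a launcher would before handing the descriptor to a sandbox, seals it, and then shows what the sandbox side gets back when it tries to write to or truncate the file. Assumptions: a Linux host with memfd support, the raw `memfd_create` syscall (so the example builds whether or not libc exposes a wrapper), and a constructed sample argument string; `make_sealed_memfd`, `try_mutate`, `try_truncate`, `read_back` and `get_seals` are names chosen here, not flatpak APIs.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallbacks for headers that hide these behind feature macros; the values
 * are the Linux UAPI constants from linux/memfd.h and linux/fcntl.h. */
#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC       0x0001U
#define MFD_ALLOW_SEALING 0x0002U
#endif
#ifndef F_ADD_SEALS
#define F_ADD_SEALS   1033
#define F_GET_SEALS   1034
#define F_SEAL_SEAL   0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW   0x0004
#define F_SEAL_WRITE  0x0008
#endif

/* Create an anonymous memfd holding `len` bytes of `data`, then seal it.
 * Any holder of the returned fd (including a sandboxed child it is passed to)
 * can read the contents but can neither modify nor resize them.
 * Returns the fd, or -1 with errno set.  (Assumption: Linux 3.17+ with memfd.) */
int make_sealed_memfd(const char *name, const void *data, size_t len)
{
    int fd = (int)syscall(SYS_memfd_create, name, MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (fd < 0)
        return -1;

    const char *p = data;
    size_t off = 0;
    while (off < len) {
        ssize_t n = write(fd, p + off, len - off);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            int saved = errno;
            close(fd);
            errno = saved;
            return -1;
        }
        off += (size_t)n;
    }

    /* Rewind so a consumer that reads sequentially starts at the beginning. */
    if (lseek(fd, 0, SEEK_SET) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }

    /* Seal size and contents, and seal the seal set itself so nobody can lift
     * them later.  F_SEAL_WRITE fails with EBUSY while a writable shared
     * mapping exists, so seal before the fd is shared with anyone. */
    if (fcntl(fd, F_ADD_SEALS,
              F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* The container's view: the same kind of mutation as `echo foo > /proc/self/fd/9`.
 * Returns the errno of the failed write (EPERM on a sealed memfd), 0 if it succeeded. */
int try_mutate(int fd)
{
    if (write(fd, "foo\n", 4) < 0)
        return errno;
    return 0;
}

/* Resizing is blocked too: returns errno on failure (EPERM when sealed), 0 on success. */
int try_truncate(int fd)
{
    if (ftruncate(fd, 0) < 0)
        return errno;
    return 0;
}

/* Reading still works; pread leaves the shared file offset untouched. */
ssize_t read_back(int fd, char *buf, size_t cap)
{
    return pread(fd, buf, cap, 0);
}

int get_seals(int fd)
{
    return fcntl(fd, F_GET_SEALS);
}

int main(void)
{
    /* Constructed sample: NUL-separated bwrap-style arguments. */
    static const char args[] = "--ro-bind\0/usr\0/usr\0";
    int fd = make_sealed_memfd("bwrap-args", args, sizeof args - 1);
    if (fd < 0) {
        perror("make_sealed_memfd");
        return 1;
    }
    int err = try_mutate(fd);
    printf("seals=%#x write -> %s\n", get_seals(fd),
           err ? strerror(err) : "succeeded (not sealed!)");
    close(fd);
    return err == EPERM ? 0 : 1;
}
```

The ordering matters: data is written first, then the seals are added, and F_SEAL_SEAL goes in the same call so there is no window in which a second holder of the descriptor could add or remove seals. A seal applies to the open file description, so it follows the fd across `fork`/`exec` into the sandbox; the sandboxed side can still `read` or `mmap` it read-only, but `write`, `ftruncate` and a writable `MAP_SHARED` mapping all fail with EPERM.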