fs-util: rename safe_transition() into unsafe_transition()

We're always interested into finding unsafe transitions so let's make the helper return true when it finds such transitions so we don't need to negate its results. No functional changes.
author: Franck Bui <fbui@suse.com> 2018-11-29 11:21:12 +0100
committer: Franck Bui <fbui@suse.com> 2018-12-10 09:19:14 +0100
commit: b85ee2ec95808db6981d2659610ed1713738df11 (patch)
tree: e41284f1cce5a14e7ac408ef3f76420169ce2b0d /src
parent: tmpfiles: use CHASE_WARN in addition to CHASE_SAFE (diff)
download: systemd-b85ee2ec95808db6981d2659610ed1713738df11.tar.gz
systemd-b85ee2ec95808db6981d2659610ed1713738df11.tar.bz2
systemd-b85ee2ec95808db6981d2659610ed1713738df11.zip
1 files changed, 6 insertions, 6 deletions
diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c
index f91d33850..59383c52d 100644
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@@ -634,15 +634,15 @@ int inotify_add_watch_fd(int fd, int what, uint32_t mask) {
         return r;
 }
 
-static bool safe_transition(const struct stat *a, const struct stat *b) {
+static bool unsafe_transition(const struct stat *a, const struct stat *b) {
         /* Returns true if the transition from a to b is safe, i.e. that we never transition from unprivileged to
          * privileged files or directories. Why bother? So that unprivileged code can't symlink to privileged files
          * making us believe we read something safe even though it isn't safe in the specific context we open it in. */
 
         if (a->st_uid == 0) /* Transitioning from privileged to unprivileged is always fine */
-                return true;
+                return false;
 
-        return a->st_uid == b->st_uid; /* Otherwise we need to stay within the same UID */
+        return a->st_uid != b->st_uid; /* Otherwise we need to stay within the same UID */
 }
 
 static int log_unsafe_transition(int a, int b, const char *path, unsigned flags) {
@@ -837,7 +837,7 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
                                 if (fstat(fd_parent, &st) < 0)
                                         return -errno;
 
-                                if (!safe_transition(&previous_stat, &st))
+                                if (unsafe_transition(&previous_stat, &st))
                                         return log_unsafe_transition(fd, fd_parent, path, flags);
 
                                 previous_stat = st;
@@ -878,7 +878,7 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
                 if (fstat(child, &st) < 0)
                         return -errno;
                 if ((flags & CHASE_SAFE) &&
-                    !safe_transition(&previous_stat, &st))
+                    unsafe_transition(&previous_stat, &st))
                         return log_unsafe_transition(fd, child, path, flags);
 
                 previous_stat = st;
@@ -917,7 +917,7 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
                                         if (fstat(fd, &st) < 0)
                                                 return -errno;
 
-                                        if (!safe_transition(&previous_stat, &st))
+                                        if (unsafe_transition(&previous_stat, &st))
                                                 return log_unsafe_transition(child, fd, path, flags);
 
                                         previous_stat = st;
author	Franck Bui <fbui@suse.com>	2018-11-29 11:21:12 +0100
committer	Franck Bui <fbui@suse.com>	2018-12-10 09:19:14 +0100
commit	b85ee2ec95808db6981d2659610ed1713738df11 (patch)
tree	e41284f1cce5a14e7ac408ef3f76420169ce2b0d /src
parent	tmpfiles: use CHASE_WARN in addition to CHASE_SAFE (diff)
download	systemd-b85ee2ec95808db6981d2659610ed1713738df11.tar.gz systemd-b85ee2ec95808db6981d2659610ed1713738df11.tar.bz2 systemd-b85ee2ec95808db6981d2659610ed1713738df11.zip