Diffusion FreeBSD src repository b6ea2513f776

tzcode: Limit TZ for setugid programs
b6ea2513f776
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

tzcode: Limit TZ for setugid programs

The zoneinfo parser can be told to read any file the program can access
by setting TZ to either an absolute path, or a path relative to the
zoneinfo directory. For setugid programs, we previously had a hack from
OpenBSD which rejects values of TZ deemed unsafe, but that was rather
arbitrary (anything containing a dot, for instance). Leverage openat()
with AT_RESOLVE_BENEATH instead.

For simplicity, move the TZ change detection code to after we've opened
the file, and stat the file descriptor rather than the name.

Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D52029

Details

Provenance

des	Authored on Aug 21 2025, 4:34 PM

Reviewer

Differential Revision

D52029: tzcode: Limit TZ for setugid programs

Parents

rGf5efc804294c: tzcode: Reduce diff to upstream

Branches

Unknown

Tags

Unknown

Event Timeline

des committed rGb6ea2513f776: tzcode: Limit TZ for setugid programs (authored by des).Aug 21 2025, 6:59 PM

des added an edge: D52029: tzcode: Limit TZ for setugid programs.

des mentioned this in D52108: tzcode: Fix TZ for non-setugid programs.Aug 22 2025, 12:36 AM

des mentioned this in rGa6b19979bf13: tzcode: Fix TZ for non-setugid programs.Aug 22 2025, 7:30 AM

des mentioned this in D52240: tzcode: Don't treat TZDEFAULT as tainted.Aug 29 2025, 4:09 PM

des mentioned this in rGca89e1535509: tzcode: Don't treat TZDEFAULT as tainted.Sep 1 2025, 6:36 AM

Changes (1)

Path

Size

contrib/

tzcode/

rGb6ea2513f776

contrib/tzcode/localtime.c

Loading...