Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2).

This also allows us to make path const as it should be.
2021-12-11 08:35:18 -07:00
parent 55db239243
commit c13b21c199
12 changed files with 192 additions and 43 deletions
--- a/include/sudo_util.h
+++ b/include/sudo_util.h
@@ -238,7 +238,7 @@ sudo_dso_public const char *sudo_logpri2str_v1(int num);
 #define sudo_logpri2str(_a) sudo_logpri2str_v1((_a))

 /* mkdir_parents.c */
-sudo_dso_public bool sudo_mkdir_parents_v1(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet);
+sudo_dso_public bool sudo_mkdir_parents_v1(const char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet);
 #define sudo_mkdir_parents(_a, _b, _c, _d, _e) sudo_mkdir_parents_v1((_a), (_b), (_c), (_d), (_e))

 /* parseln.c */