Commit 44107547 authored by Chris Coulson's avatar Chris Coulson Committed by Simon McVittie
Browse files

Import Debian changes 237-3ubuntu10.9

systemd (237-3ubuntu10.9) bionic-security; urgency=medium

  [ Chris Coulson ]
  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
    - debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
      resolve this completely
    - CVE-2018-6954

  [ Balint Reczey ]
  * Fix LP: #1803391 - Skip daemon-reexec and try-restarts during shutdown
    - update debian/systemd.postinst
parent acee940a
systemd (237-3ubuntu10.8) bionic; urgency=medium
* debian/extra/start-udev: ignore failure to set sync parameter.
On old kernels (e.g. v4.4) the file is available but appears to be
non-writable. Hide error messages and ignore failure to write out sync into the
parameters file. This does not regress https://pad.lv/1779815 since older
kernel did synchronous scan anyway. But it does resolve failure to start the
installer on old kernels. (LP: #1784454)
File: debian/extra/start-udev
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=62edd5c6e963dbf1df4f4bb7556a6d3477559083
* Add conflicts with upstart and systemd-shim. (LP: #1773859)
File: debian/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=33385a01dbe44765dc24eead52d677147b2b06c9
* units: Disable journald Watchdog (LP: #1773148)
File: debian/patches/debian/UBUNTU-units-disable-journald-watchdog.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=622407bc2aa723a3bdf10e1de946d0d6e88fbeb6
* cryptsetup: add support for sector-size= option (LP: #1776626)
File: debian/patches/cryptsetup-add-support-for-sector-size-option-8881.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=89899133e977eb34dac4c3e9f83c59853eda66ab
* Re-add support for /etc/writable for core18. (LP: #1778936)
Author: Michael Vogt
File: debian/patches/debian/UBUNTU-Support-system-image-read-only-etc.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fdc87994ab8f7036d07c8c208ad1fbac32cbd639
* systemctl: correctly proceed to immediate shutdown if scheduling fails
(LP: #1670291)
File: debian/patches/systemctl-correctly-proceed-to-immediate-shutdown-if-sche.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cdd3a0bb5f568a2500dbdff4bfcf97e3ba996fe3
* core: export environment when running generators.
Ensure that manager's environment (including e.g. PATH) is exported when
running generators. Otherwise, one is at a mercy of running without PATH which
can lead to buggy generator behaviour. (LP: #1771858)
Files:
- debian/patches/core-execute-environment_generators-with-manager-s-enviro.patch
- debian/patches/core-execute-generators-with-manager-s-environmnet.patch
- debian/patches/exec-util-in-execute_directories-support-initial-exec-env.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d494ef816ca950c9a7c2bfb07620b3df8e46ed35
* networkd: add support to set IPv6MTUBytes (LP: #1671951)
File: debian/patches/networkd-add-support-to-configure-IPv6-MTU-8664.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f4a308ea8f3f9187c97f81868a0408f9cefc96a7
* Specify Ubuntu's Vcs-Git
File: debian/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b739661356fe0e47223ae28c79b4b7f7740bea3a
-- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 15 Nov 2018 23:15:00 +0000
systemd (237-3ubuntu10.7) bionic-security; urgency=medium
* debian/systemd.postinst: Skip daemon-reexec and try-restarts during shutdown
(LP: #1803391)
Author: Balint Reczey
File: debian/systemd.postinst
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=18eea38c62e73158d2160e319de31e054a58b8df
-- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 15 Nov 2018 23:00:20 +0000
systemd (237-3ubuntu10.9) bionic-security; urgency=medium
[ Chris Coulson ]
* SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
- debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
resolve this completely
- CVE-2018-6954
[ Balint Reczey ]
* Fix LP: #1803391 - Skip daemon-reexec and try-restarts during shutdown
- update debian/systemd.postinst
-- Chris Coulson <chris.coulson@canonical.com> Thu, 15 Nov 2018 20:45:11 +0000
systemd (237-3ubuntu10.6) bionic-security; urgency=medium
......
......@@ -9,10 +9,8 @@ Uploaders: Michael Biebl <biebl@debian.org>,
Martin Pitt <mpitt@debian.org>
Standards-Version: 4.1.3
Rules-Requires-Root: no
Vcs-Git: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd -b ubuntu-bionic
Vcs-Browser: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd
XS-Vcs-Debian-Git: https://salsa.debian.org/systemd-team/systemd.git
XS-Vcs-Debian-Browser: https://salsa.debian.org/systemd-team/systemd
Vcs-Git: https://salsa.debian.org/systemd-team/systemd.git
Vcs-Browser: https://salsa.debian.org/systemd-team/systemd
Homepage: https://www.freedesktop.org/wiki/Software/systemd
Build-Depends: debhelper (>= 10.4~),
pkg-config,
......@@ -78,7 +76,6 @@ Depends: ${shlibs:Depends},
mount (>= 2.26),
adduser,
procps,
Conflicts: systemd-shim, upstart
Breaks: apparmor (<< 2.9.2-1),
systemd-shim (<< 10-3~),
ifupdown (<< 0.8.5~),
......@@ -209,7 +206,7 @@ Depends: ${shlibs:Depends},
systemd (= ${binary:Version}),
libpam-runtime (>= 1.0.1-6),
dbus,
systemd-sysv
systemd-shim (>= 10-3~) | systemd-sysv
Description: system and service manager - PAM module
This package contains the PAM module which registers user sessions in
the systemd control group hierarchy for logind.
......
......@@ -11,7 +11,7 @@ fi
# This covers the same case as lib/modprobe.d/scsi-mod-scan-sync.conf
# in the event that scsi_mod is built in to the kernel, not a module:
if [ -f /sys/module/scsi_mod/parameters/scan ]; then
echo sync > /sys/module/scsi_mod/parameters/scan >/dev/null || :
echo sync > /sys/module/scsi_mod/parameters/scan
fi
SYSTEMD_LOG_LEVEL=notice /lib/systemd/systemd-udevd --daemon --resolve-names=never
......
From 8948b3415d762245ebf5e19d80b97d4d8cc208c1 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 17 Oct 2018 18:36:24 +0200
Subject: [PATCH] =?UTF-8?q?core:=20when=20deserializing=20state=20always?=
=?UTF-8?q?=20use=20read=5Fline(=E2=80=A6,=20LONG=5FLINE=5FMAX,=20?=
=?UTF-8?q?=E2=80=A6)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This should be much better than fgets(), as we can read substantially
longer lines and overly long lines result in proper errors.
Fixes a vulnerability discovered by Jann Horn at Google.
CVE-2018-15686
LP: #1796402
https://bugzilla.redhat.com/show_bug.cgi?id=1639071
---
src/core/job.c | 19 +++++++++++--------
src/core/manager.c | 41 ++++++++++++++++++++---------------------
src/core/unit.c | 34 ++++++++++++++++++----------------
src/core/unit.h | 2 +-
4 files changed, 50 insertions(+), 46 deletions(-)
Description: core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)
This should be much better than fgets(), as we can read substantially
longer lines and overly long lines result in proper errors.
Fixes a vulnerability discovered by Jann Horn at Google.
CVE-2018-15686
Origin: upstream, https://github.com/poettering/systemd/commit/8948b3415d762245ebf5e19d80b97d4d8cc208c1
Bug-Ubuntu: https://launchpad.net/bugs/1796402
--- a/src/core/job.c
+++ b/src/core/job.c
......@@ -35,19 +22,19 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
#include "macro.h"
@@ -1067,24 +1068,26 @@
}
int job_deserialize(Job *j, FILE *f) {
+ int r;
+
assert(j);
assert(f);
for (;;) {
- char line[LINE_MAX], *l, *v;
+ _cleanup_free_ char *line = NULL;
+ char *l, *v;
size_t k;
- if (!fgets(line, sizeof(line), f)) {
- if (feof(f))
- return 0;
......@@ -58,28 +45,28 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
+ return log_error_errno(r, "Failed to read serialization line: %m");
+ if (r == 0)
+ return 0;
- char_array_0(line);
l = strstrip(line);
/* End marker */
- if (l[0] == 0)
+ if (isempty(l))
return 0;
k = strcspn(l, "=");
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3346,21 +3346,19 @@
rt = (ExecRuntime**) ((uint8_t*) u + offset);
for (;;) {
- char line[LINE_MAX], *l, *v;
+ _cleanup_free_ char *line = NULL;
CGroupIPAccountingMetric m;
+ char *l, *v;
size_t k;
- if (!fgets(line, sizeof(line), f)) {
- if (feof(f))
- return 0;
......@@ -90,7 +77,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
+ return log_error_errno(r, "Failed to read serialization line: %m");
+ if (r == 0) /* eof */
+ break;
- char_array_0(line);
l = strstrip(line);
-
......@@ -98,24 +85,24 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
- if (isempty(l))
+ if (isempty(l)) /* End marker */
break;
k = strcspn(l, "=");
@@ -3637,23 +3635,27 @@
return 0;
}
-void unit_deserialize_skip(FILE *f) {
+int unit_deserialize_skip(FILE *f) {
+ int r;
assert(f);
/* Skip serialized data for this unit. We don't know what it is. */
for (;;) {
- char line[LINE_MAX], *l;
+ _cleanup_free_ char *line = NULL;
+ char *l;
- if (!fgets(line, sizeof line, f))
- return;
+ r = read_line(f, LONG_LINE_MAX, &line);
......@@ -123,38 +110,38 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
+ return log_error_errno(r, "Failed to read serialization line: %m");
+ if (r == 0)
+ return 0;
- char_array_0(line);
l = strstrip(line);
/* End marker */
if (isempty(l))
- return;
+ return 1;
}
}
--- a/src/core/unit.h
+++ b/src/core/unit.h
@@ -689,7 +689,7 @@
int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs);
int unit_deserialize(Unit *u, FILE *f, FDSet *fds);
-void unit_deserialize_skip(FILE *f);
+int unit_deserialize_skip(FILE *f);
int unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value);
int unit_serialize_item_escaped(Unit *u, FILE *f, const char *key, const char *value);
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2841,22 +2841,19 @@
m->n_reloading++;
for (;;) {
- char line[LINE_MAX];
+ _cleanup_free_ char *line = NULL;
const char *val, *l;
- if (!fgets(line, sizeof(line), f)) {
- if (feof(f))
- r = 0;
......@@ -168,23 +155,23 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
}
+ if (r == 0)
+ break;
- char_array_0(line);
l = strstrip(line);
-
- if (l[0] == 0)
+ if (isempty(l)) /* end marker */
break;
if ((val = startswith(l, "current-job-id="))) {
@@ -3004,28 +3001,30 @@
for (;;) {
Unit *u;
- char name[UNIT_NAME_MAX+2];
+ _cleanup_free_ char *line = NULL;
const char* unit_name;
/* Start marker */
- if (!fgets(name, sizeof(name), f)) {
- if (feof(f))
......@@ -199,11 +186,11 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
}
+ if (r == 0)
+ break;
- char_array_0(name);
- unit_name = strstrip(name);
+ unit_name = strstrip(line);
r = manager_load_unit(m, unit_name, NULL, NULL, &u);
if (r < 0) {
log_notice_errno(r, "Failed to load unit \"%s\", skipping deserialization: %m", unit_name);
......@@ -217,14 +204,14 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639071
+
continue;
}
@@ -3038,9 +3037,6 @@
}
finish:
- if (ferror(f))
- r = -EIO;
-
assert(m->n_reloading > 0);
m->n_reloading--;
From 5de6cce58b3e8b79239b6e83653459d91af6e57c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 19 Oct 2018 11:26:59 +0200
Subject: [PATCH] chown-recursive: let's rework the recursive logic to use
O_PATH
Description: chown-recursive: let's rework the recursive logic to use O_PATH
That way we can pin a specific inode and analyze it and manipulate it
without it being swapped out beneath our hands.
That way we can pin a specific inode and analyze it and manipulate it
without it being swapped out beneath our hands.
Fixes a vulnerability originally found by Jann Horn from Google.
Fixes a vulnerability originally found by Jann Horn from Google.
CVE-2018-15687
LP: #1796692
https://bugzilla.redhat.com/show_bug.cgi?id=1639076
---
src/core/chown-recursive.c | 146 ++++++++++++++++++-------------------
1 file changed, 70 insertions(+), 76 deletions(-)
CVE-2018-15687
Origin: upstream, https://github.com/poettering/systemd/commit/5de6cce58b3e8b79239b6e83653459d91af6e57c
Bug-Ubuntu: https://launchpad.net/bugs/1796692
--- a/src/core/chown-recursive.c
+++ b/src/core/chown-recursive.c
@@ -18,18 +18,20 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
-#include <sys/types.h>
-#include <sys/stat.h>
#include <fcntl.h>
+#include <sys/stat.h>
+#include <sys/types.h>
-#include "user-util.h"
-#include "macro.h"
-#include "fd-util.h"
......@@ -39,18 +33,18 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076
+#include "stdio-util.h"
+#include "strv.h"
+#include "user-util.h"
-static int chown_one(int fd, const char *name, const struct stat *st, uid_t uid, gid_t gid) {
- int r;
+static int chown_one(int fd, const struct stat *st, uid_t uid, gid_t gid) {
+ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1];
assert(fd >= 0);
assert(st);
@@ -38,90 +40,82 @@
(!gid_is_valid(gid) || st->st_gid == gid))
return 0;
- if (name)
- r = fchownat(fd, name, uid, gid, AT_SYMLINK_NOFOLLOW);
- else
......@@ -60,7 +54,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076
+ /* We change ownership through the /proc/self/fd/%i path, so that we have a stable reference that works with
+ * O_PATH. (Note: fchown() and fchmod() do not work with O_PATH, the kernel refuses that. */
+ xsprintf(procfs_path, "/proc/self/fd/%i", fd);
- /* The linux kernel alters the mode in some cases of chown(). Let's undo this. */
- if (name) {
- if (!S_ISLNK(st->st_mode))
......@@ -72,7 +66,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076
- if (r < 0)
+ if (chown(procfs_path, uid, gid) < 0)
return -errno;
+ /* The linux kernel alters the mode in some cases of chown(). Let's undo this. We do this only for non-symlinks
+ * however. That's because for symlinks the access mode is ignored anyway and because on some kernels/file
+ * systems trying to change the access mode will succeed but has no effect while on others it actively
......@@ -83,16 +77,16 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076
+
return 1;
}
static int chown_recursive_internal(int fd, const struct stat *st, uid_t uid, gid_t gid) {
+ _cleanup_closedir_ DIR *d = NULL;
bool changed = false;
+ struct dirent *de;
int r;
assert(fd >= 0);
assert(st);
- if (S_ISDIR(st->st_mode)) {
- _cleanup_closedir_ DIR *d = NULL;
- struct dirent *de;
......@@ -114,7 +108,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076
+ safe_close(fd);
+ return -errno;
+ }
- if (fstatat(dirfd(d), de->d_name, &fst, AT_SYMLINK_NOFOLLOW) < 0) {
- r = -errno;
- goto finish;
......@@ -178,7 +172,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076
+ changed = true;
}
+ }
- r = chown_one(dirfd(d), NULL, st, uid, gid);
- } else
- r = chown_one(fd, NULL, st, uid, gid);
......@@ -188,27 +182,27 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1639076
-
- r = r > 0 || changed;
+ return r;
-finish:
- safe_close(fd);
- return r;
+ return r > 0 || changed;
}
int path_chown_recursive(const char *path, uid_t uid, gid_t gid) {
@@ -129,7 +123,7 @@
struct stat st;
int r;
- fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
+ fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
if (fd < 0)
return -errno;
--- a/src/basic/fd-util.c
+++ b/src/basic/fd-util.c
@@ -578,3 +578,22 @@
return -EOPNOTSUPP;
}
+
......
From 936f6bdb803c432578e2cdcc5f93f3bfff93aff0 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 2 Mar 2018 17:19:32 +0100
Subject: [PATCH] tmpfiles: don't resolve pathnames when traversing recursively
Description: tmpfiles: don't resolve pathnames when traversing recursively
through directory trees
Otherwise we can be fooled if one path component is replaced underneath us.
Otherwise we can be fooled if one path component is replaced underneath us.
The patch achieves that by always operating at file descriptor level (by using
*at() helpers) and by making sure we do not any path resolution when traversing
direcotry trees.
The patch achieves that by always operating at file descriptor level (by using
*at() helpers) and by making sure we do not any path resolution when traversing
direcotry trees.
However this is not always possible, for instance when listing the content of a
directory or some operations don't provide the *at() helpers or others (such as
fchmodat()) don't have the AT_EMPTY_PATH flag. In such cases we operate on
/proc/self/fd/%i pseudo-symlink instead, which works the same for all kinds of
objects and requires no checking of type beforehand.
However this is not always possible, for instance when listing the content of a
directory or some operations don't provide the *at() helpers or others (such as
fchmodat()) don't have the AT_EMPTY_PATH flag. In such cases we operate on
/proc/self/fd/%i pseudo-symlink instead, which works the same for all kinds of
objects and requires no checking of type beforehand.
Also O_PATH flag is used when opening file objects in order to prevent
undesired behaviors: device nodes from reacting, automounts from
triggering, etc...
Also O_PATH flag is used when opening file objects in order to prevent
undesired behaviors: device nodes from reacting, automounts from
triggering, etc...
Fixes: #7986
Fixes: CVE-2018-6954
---
src/tmpfiles/tmpfiles.c | 363 ++++++++++++++++++++++++++--------------
1 file changed, 239 insertions(+), 124 deletions(-)
Fixes: CVE-2018-6954
Origin: upstream, https://github.com/systemd/systemd/commit/936f6bdb803c432578e2cdcc5f93f3bfff93aff0
Bug: https://github.com/systemd/systemd/issues/7986
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -786,94 +786,105 @@
return !S_ISDIR(st->st_mode) && st->st_nlink > 1 && dangerous_hardlinks();
}
-static int path_set_perms(Item *i, const char *path) {
- char fn[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
- _cleanup_close_ int fd = -1;
......@@ -39,11 +35,11 @@ Fixes: CVE-2018-6954
+static int fd_set_perms(Item *i, int fd, const struct stat *st) {
+ _cleanup_free_ char *path = NULL;
+ int r;
assert(i);
- assert(path);
+ assert(fd);
- if (!i->mode_set && !i->uid_set && !i->gid_set)
- goto shortcut;
-
......@@ -68,18 +64,18 @@ Fixes: CVE-2018-6954
+ if (r < 0)
return r;
- }
- if (fstatat(fd, "", &st, AT_EMPTY_PATH) < 0)
- return log_error_errno(errno, "Failed to fstat() file %s: %m", path);
+ if (!i->mode_set && !i->uid_set && !i->gid_set)
+ goto shortcut;
- if (hardlink_vulnerable(&st)) {
+ if (hardlink_vulnerable(st)) {
log_error("Refusing to set permissions on hardlinked file %s while the fs.protected_hardlinks sysctl is turned off.", path);
return -EPERM;
}
- xsprintf(fn, "/proc/self/fd/%i", fd);
-
if (i->mode_set) {
......@@ -88,7 +84,7 @@ Fixes: CVE-2018-6954
log_debug("Skipping mode fix for symlink %s.", path);
else {
mode_t m = i->mode;
if (i->mask_perms) {
- if (!(st.st_mode & 0111))
+ if (!(st->st_mode & 0111))
......@@ -103,7 +99,7 @@ Fixes: CVE-2018-6954
+ if (!S_ISDIR(st->st_mode))
m &= ~07000; /* remove sticky/sgid/suid bit, unless directory */
}
- if (m == (st.st_mode & 07777))
- log_debug("\"%s\" has correct mode %o already.", path, st.st_mode);
+ if (m == (st->st_mode & 07777))
......@@ -112,7 +108,7 @@ Fixes: CVE-2018-6954
+ char procfs_path[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
+
log_debug("Changing \"%s\" to mode %o.", path, m);
- if (chmod(fn, m) < 0)
- return log_error_errno(errno, "chmod() of %s via %s failed: %m", path, fn);
+ /* fchmodat() still doesn't have AT_EMPTY_PATH flag. */
......@@ -123,7 +119,7 @@ Fixes: CVE-2018-6954
}
}
}
- if ((i->uid_set && i->uid != st.st_uid) ||
- (i->gid_set && i->gid != st.st_gid)) {
+ if ((i->uid_set && i->uid != st->st_uid) ||
......@@ -132,7 +128,7 @@ Fixes: CVE-2018-6954
path,
i->uid_set ? i->uid : UID_INVALID,
i->gid_set ? i->gid : GID_INVALID);
- if (chown(fn,
- i->uid_set ? i->uid : UID_INVALID,
- i->gid_set ? i->gid : GID_INVALID) < 0)
......@@ -144,13 +140,13 @@ Fixes: CVE-2018-6954
+ AT_EMPTY_PATH) < 0)