Page MenuHomeFreeBSD
Differential D39773

lookup(): ensure that openat("/", "..", O_RESOLVE_BENEATH) fails
ClosedPublic
Actions

Authored by kib on Apr 23 2023, 11:24 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, May 9, 7:14 PM
Unknown Object (File)
Thu, May 9, 7:13 PM
Unknown Object (File)
Thu, May 9, 7:13 PM
Unknown Object (File)
Thu, May 9, 7:13 PM
Unknown Object (File)
Thu, May 9, 8:15 AM
Unknown Object (File)
Sun, Apr 28, 6:32 AM
Unknown Object (File)
Sun, Apr 28, 6:32 AM
Unknown Object (File)
Sun, Apr 28, 6:32 AM
View All 27 Files
Subscribers
imp

Details

Reviewers
emaste
markj
Commits
rGa718431c30a5: lookup(): ensure that openat("/", "..", O_RESOLVE_BENEATH) fails
Summary

PR: 269780

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib created this revision.Apr 23 2023, 11:24 PM
Herald added a subscriber: imp. · View Herald TranscriptApr 23 2023, 11:24 PM
kib requested review of this revision.Apr 23 2023, 11:24 PM
emaste accepted this revision.Apr 24 2023, 1:17 PM
emaste added inline comments.
sys/kern/vfs_lookup.c
1087

Incidentally I think STRICTRELATIVE is slightly confusing now (as of 7359fdcf5ffa). Previously ni_strictrelative meant /* relative lookup only; no '..' */ - i.e., the "strict" part referred to disallowing ... (Unrelated to this review.)

This revision is now accepted and ready to land.Apr 24 2023, 1:17 PM
markj added inline comments.Apr 24 2023, 1:19 PM
sys/kern/vfs_lookup.c
1086–1095

Do we really want to prohibit lookups in the (v_flag & VV_ROOT) && (cn_flags & NOCROSSMOUNT) case?

1090

This is redundant. If we break, then pr != NULL, and the next if-statement will handle it.

emaste added inline comments.Apr 24 2023, 1:20 PM
sys/kern/vfs_lookup.c
1087

This thought seemed familiar to me, and I found my forgotten D28445 again. Will take another look.

kib marked 2 inline comments as done.Apr 24 2023, 2:23 PM
kib added inline comments.
sys/kern/vfs_lookup.c
1086–1095

I think it does not matter. NOCROSSMOUNT is strictly nfs server option, which does not use BENEATH. But ok, let me restructure code some more.

kib updated this revision to Diff 120934.Apr 24 2023, 2:59 PM
kib marked an inline comment as done.

Drop the jail checks.
Exclude NOCROSSMOUNT lookups.

This revision now requires review to proceed.Apr 24 2023, 2:59 PM
markj accepted this revision.Apr 24 2023, 3:04 PM
markj added inline comments.
sys/kern/vfs_lookup.c
1088

The indentation here is wrong.

This revision is now accepted and ready to land.Apr 24 2023, 3:04 PM
emaste accepted this revision.Apr 24 2023, 7:19 PM
Closed by commit rGa718431c30a5: lookup(): ensure that openat("/", "..", O_RESOLVE_BENEATH) fails (authored by kib). · Explain WhyApr 24 2023, 9:32 PM
This revision was automatically updated to reflect the committed changes.
kib added a commit: rGa718431c30a5: lookup(): ensure that openat("/", "..", O_RESOLVE_BENEATH) fails.

Revision Contents
Changeset List

PathSize
sys/
kern/
17 lines

Diff 120957

View Options

sys/kern/vfs_lookup.c

Loading...