Diffusion FreeBSD src repository 4dd124c3171d

MFC jail: Change both root and working directories in jail_attach(2)
4dd124c3171d
Actions

Description

MFC jail: Change both root and working directories in jail_attach(2)

jail_attach(2) performs an internal chroot operation, leaving it up to
the calling process to assure the working directory is inside the jail.

Add a matching internal chdir operation to the jail's root. Also
ignore kern.chroot_allow_open_directories, and always disallow the
operation if there are any directory descriptors open.

Approved by: so
Security: CVE-2020-25582
Security: FreeBSD-SA-21:05.jail_chdir
Reported by: mjg
Approved by: markj, kib

(cherry picked from commit d4380c0cdd0517dc038403dd5c99242ce78bdeb5)
(cherry picked from commit ca9ab8ea17748a1758701fde262cb272fb757989)

Details

Provenance

jamie	Authored on Feb 19 2021, 10:13 PM
markj	Committed on Feb 24 2021, 1:41 AM

Parents

rGb306be13a9c7: MFC jail: Handle a possible race between jail_remove(2) and fork(2)

Branches

Unknown

Tags

Unknown

Event Timeline

markj committed rG4dd124c3171d: MFC jail: Change both root and working directories in jail_attach(2) (authored by jamie).Feb 24 2021, 1:41 AM

Changes (4)

Path

Size

lib/

libc/

sys/

jail.2

sys/

kern/

kern_descrip.c

kern_jail.c

sys/

filedesc.h

rG4dd124c3171d

View Options

lib/libc/sys/jail.2

View Options

sys/kern/kern_descrip.c

View Options

sys/kern/kern_jail.c

View Options

MFC jail: Change both root and working directories in jail_attach(2)4dd124c3171dActions

Description

Details

Event Timeline

Changes (4)

rG4dd124c3171d

lib/libc/sys/jail.2

sys/kern/kern_descrip.c

sys/kern/kern_jail.c

sys/sys/filedesc.h

MFC jail: Change both root and working directories in jail_attach(2)
4dd124c3171d
Actions