Fix a hole in jail(2).
Noticed by: Alexander Bezroutchko <abb@zenon.net>
This commit is contained in:
Poul-Henning Kamp
parent
46783fb897
commit
2fe5bd8bb8
@ -885,6 +885,9 @@ fdinit(p)
|
||||
VREF(newfdp->fd_fd.fd_cdir);
|
||||
newfdp->fd_fd.fd_rdir = fdp->fd_rdir;
|
||||
VREF(newfdp->fd_fd.fd_rdir);
|
||||
newfdp->fd_fd.fd_jdir = fdp->fd_jdir;
|
||||
if (newfdp->fd_fd.fd_jdir)
|
||||
VREF(newfdp->fd_fd.fd_jdir);
|
||||
|
||||
/* Create the file descriptor table. */
|
||||
newfdp->fd_fd.fd_refcnt = 1;
|
||||
@ -932,6 +935,8 @@ fdcopy(p)
|
||||
bcopy(fdp, newfdp, sizeof(struct filedesc));
|
||||
VREF(newfdp->fd_cdir);
|
||||
VREF(newfdp->fd_rdir);
|
||||
if (newfdp->fd_jdir)
|
||||
VREF(newfdp->fd_jdir);
|
||||
newfdp->fd_refcnt = 1;
|
||||
|
||||
/*
|
||||
@ -995,6 +1000,8 @@ fdfree(p)
|
||||
FREE(fdp->fd_ofiles, M_FILEDESC);
|
||||
vrele(fdp->fd_cdir);
|
||||
vrele(fdp->fd_rdir);
|
||||
if(fdp->fd_jdir)
|
||||
vrele(fdp->fd_jdir);
|
||||
FREE(fdp, M_FILEDESC);
|
||||
}
|
||||
|
||||
|
||||
@ -910,6 +910,10 @@ chroot(p, uap)
|
||||
return (error);
|
||||
vrele(fdp->fd_rdir);
|
||||
fdp->fd_rdir = nd.ni_vp;
|
||||
if (!fdp->fd_jdir) {
|
||||
fdp->fd_jdir = nd.ni_vp;
|
||||
VREF(fdp->fd_jdir);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
||||
@ -130,6 +130,7 @@ namei(ndp)
|
||||
* Get starting point for the translation.
|
||||
*/
|
||||
ndp->ni_rootdir = fdp->fd_rdir;
|
||||
ndp->ni_topdir = fdp->fd_jdir;
|
||||
|
||||
dp = fdp->fd_cdir;
|
||||
VREF(dp);
|
||||
@ -387,10 +388,14 @@ lookup(ndp)
|
||||
* filesystem, then replace it with the
|
||||
* vnode which was mounted on so we take the
|
||||
* .. in the other file system.
|
||||
* 3. If the vnode is the top directory of
|
||||
* the jail or chroot, don't let them out.
|
||||
*/
|
||||
if (cnp->cn_flags & ISDOTDOT) {
|
||||
for (;;) {
|
||||
if (dp == ndp->ni_rootdir || dp == rootvnode) {
|
||||
if (dp == ndp->ni_rootdir ||
|
||||
dp == ndp->ni_topdir ||
|
||||
dp == rootvnode) {
|
||||
ndp->ni_dvp = dp;
|
||||
ndp->ni_vp = dp;
|
||||
VREF(dp);
|
||||
|
||||
@ -910,6 +910,10 @@ chroot(p, uap)
|
||||
return (error);
|
||||
vrele(fdp->fd_rdir);
|
||||
fdp->fd_rdir = nd.ni_vp;
|
||||
if (!fdp->fd_jdir) {
|
||||
fdp->fd_jdir = nd.ni_vp;
|
||||
VREF(fdp->fd_jdir);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
||||
@ -61,6 +61,7 @@ struct filedesc {
|
||||
char *fd_ofileflags; /* per-process open file flags */
|
||||
struct vnode *fd_cdir; /* current directory */
|
||||
struct vnode *fd_rdir; /* root directory */
|
||||
struct vnode *fd_jdir; /* jail root directory */
|
||||
int fd_nfiles; /* number of open files allocated */
|
||||
u_short fd_lastfile; /* high-water mark of fd_ofiles */
|
||||
u_short fd_freefile; /* approx. next free file */
|
||||
|
||||
@ -58,6 +58,7 @@ struct nameidata {
|
||||
/* struct ucred *ni_cred; credentials */
|
||||
struct vnode *ni_startdir; /* starting directory */
|
||||
struct vnode *ni_rootdir; /* logical root directory */
|
||||
struct vnode *ni_topdir; /* logical top directory */
|
||||
/*
|
||||
* Results: returned from/manipulated by lookup
|
||||
*/
|
||||
|
||||
@ -46,7 +46,7 @@
|
||||
#define BSD4_3 1
|
||||
#define BSD4_4 1
|
||||
#undef __FreeBSD_version
|
||||
#define __FreeBSD_version 400009 /* Master, propagated to newvers */
|
||||
#define __FreeBSD_version 400010 /* Master, propagated to newvers */
|
||||
|
||||
#ifndef NULL
|
||||
#define NULL 0
|
||||
|
||||
Loading…
Reference in New Issue
Block a user