PERFORCE change 156452 for review
Robert Watson
rwatson at FreeBSD.org
Tue Jan 20 15:34:06 PST 2009
http://perforce.freebsd.org/chv.cgi?CH=156452
Change 156452 by rwatson at rwatson_freebsd_capabilities on 2009/01/20 23:33:35
When fexecve(2) is called on a dynamically linked ELF binary in
capability mode, disallow access to the globally named
interpreter, or specially crafted binaries may be able to gain
access to files outside of the sandbox. For now we'll handle
only statically linked code in capability mode, but later we'll
do something more useful.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/imgact_elf.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/imgact_elf.c#4 (text+ko) ====
@@ -492,9 +492,14 @@
imgp->object = NULL;
imgp->execlabel = NULL;
+ vfslocked = 0;
+ if (curthread->td_ucred->cr_flags & CRED_FLAG_CAPMODE) {
+ nd->ni_vp = NULL;
+ error = EPERM;
+ goto fail;
+ }
NDINIT(nd, LOOKUP, MPSAFE|LOCKLEAF|FOLLOW, UIO_SYSSPACE, file,
curthread);
- vfslocked = 0;
if ((error = namei(nd)) != 0) {
nd->ni_vp = NULL;
goto fail;
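Review bot: the new capability-mode branch ahead of NDINIT() carries no comment, so a reader of __elfN(load_file) will not know why the path passed in `file` is never looked up when CRED_FLAG_CAPMODE is set; a one-line comment stating that globally named interpreters are refused in capability mode (the rationale in the change description) belongs above the `if`. Moving `vfslocked = 0;` ahead of the check is needed so the cleanup reached by `goto fail` sees an initialised value, and setting `nd->ni_vp = NULL` mirrors the existing namei() failure path, so the early exit is consistent with the code that follows. Two things to consider: the check ignores `file` entirely, so every load_file() caller fails in capability mode, not only lookups of an interpreter path, and EPERM tells the caller nothing about why a dynamically linked image was rejected; if a different errno (for example ENOEXEC) or a dedicated capability-mode error is preferred, decide that here, since this is where userland will see it.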