Re: git: 7587f6d4840f - main - namei: Make stackable filesystems check harder for jail roots
Date: Fri, 23 May 2025 14:30:46 UTC
On Fri 23 May 13:04, Mark Johnston wrote:
> The branch main has been updated by markj:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=7587f6d4840f8d363e457cddc14c184cf1fe7cc1
>
> commit 7587f6d4840f8d363e457cddc14c184cf1fe7cc1
> Author: Mark Johnston <markj@FreeBSD.org>
> AuthorDate: 2025-05-23 12:52:24 +0000
> Commit: Mark Johnston <markj@FreeBSD.org>
> CommitDate: 2025-05-23 13:03:38 +0000
>
> namei: Make stackable filesystems check harder for jail roots
>
> Suppose a process has its cwd pointing to a nullfs directory, where the
> lower directory is also visible in the jail's filesystem namespace.
> Suppose that the lower directory vnode is moved out from under the
> nullfs mount. The nullfs vnode still shadows the lower vnode, and
> dotdot lookups relative to that directory will instantiate new nullfs
> vnodes outside of the nullfs mountpoint, effectively shadowing the lower
> filesystem.
>
> This phenomenon can be abused to escape a chroot, since the nullfs
> vnodes instantiated by these dotdot lookups defeat the root vnode check
> in vfs_lookup(), which uses vnode pointer equality to test for the
> process root.
>
> Fix this by extending nullfs and unionfs to perform the same check,
> exploiting the fact that the passed componentname is embedded in a
> nameidata structure to avoid changing the VOP_LOOKUP interface. That
> is, add a flag to indicate that containerof can be used to get the full
> nameidata structure, and perform the root vnode check on the lower vnode
> when performing a dotdot lookup.

/home/pkgbuild/worktrees/main/sys/kern/vfs_cache.c:5276:24: error: variable 'cnp' set but not used [-Werror,-Wunused-but-set-variable]

it breaks the build,

Best regards,
Bapt
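The lower-vnode root check that the quoted commit message describes, as an added user-space C model (not FreeBSD source and not part of this thread). The struct layouts, the `CN_IN_NAMEIDATA` flag and every function name are assumptions made for illustration; mount boundaries are not modelled.

```c
#include <stddef.h>

/* User-space model. Every name here is hypothetical, not FreeBSD's. */
struct vnode { struct vnode *lower, *parent; };   /* lower == NULL: not stacked */
struct componentname { int flags; };
struct nameidata { struct vnode *rootdir; struct componentname cn; };
#define CN_IN_NAMEIDATA 0x1   /* cn is embedded in a struct nameidata */
#define container_of(p, type, field) \
    ((type *)((char *)(p) - offsetof(type, field)))

static struct vnode pool[8];
static int npool;

/* The stacked layer instantiates a fresh upper vnode on every lookup. */
static struct vnode *shadow(struct vnode *lower) {
    struct vnode *vp = &pool[npool++ % 8];
    vp->lower = lower;
    vp->parent = NULL;
    return vp;
}

static struct vnode *bottom(struct vnode *vp) { return vp->lower ? vp->lower : vp; }

/* ".." in the stacked layer; with `hardened`, repeat the root check on lower vnodes. */
static struct vnode *stacked_dotdot(struct vnode *dvp, struct componentname *cnp, int hardened) {
    if (hardened && (cnp->flags & CN_IN_NAMEIDATA)) {
        struct nameidata *ndp = container_of(cnp, struct nameidata, cn);
        if (bottom(dvp) == bottom(ndp->rootdir))
            return dvp;                      /* at the process root: stay put */
    }
    return dvp->lower->parent ? shadow(dvp->lower->parent) : dvp;
}

/* Generic lookup: root check by pointer equality on the vnode it was handed. */
static struct vnode *lookup_dotdot(struct nameidata *ndp, struct vnode *dvp, int hardened) {
    return dvp == ndp->rootdir ? dvp : stacked_dotdot(dvp, &ndp->cn, hardened);
}

/* Constructed scenario: lower tree top/jailroot/dir, cwd is a shadow of dir. */
int walk_reaches_above_root(int hardened) {
    struct vnode top = {0}, jailroot = {NULL, &top}, dir = {NULL, &jailroot};
    struct nameidata nd = { &jailroot, { CN_IN_NAMEIDATA } };
    struct vnode *vp = shadow(&dir);
    for (int i = 0; i < 2; i++)
        vp = lookup_dotdot(&nd, vp, hardened);
    return bottom(vp) == &top;
}

int main(void) { return !(walk_reaches_above_root(0) && !walk_reaches_above_root(1)); }
```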