[Bug 232878] File sealing

bugzilla-noreply at freebsd.org
Thu Nov 1 07:41:06 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232878

            Bug ID: 232878
           Summary: File sealing
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: contact at emersion.fr

File sealing is a Linux-specific safety mechanism that can be used when sharing
memory between two processes.

In this scenario, one process typically calls shm_open(SHM_ANON), mmaps the
result in its address space, writes interesting things in this slice of memory,
and sends the file descriptor over a Unix socket to another process. The other
process then mmaps the file descriptor to its own address space and reads the
shared memory.

Sometimes the two processes don't trust each other, for instance in the case of
Wayland. Bad clients may try to crash the compositor.

One way to crash the compositor is to send a shared memory file descriptor and
then shrink the file. When the compositor tries to read the now-unmapped part
of the file it'll receive SIGBUS.

What the compositor currently does is that it handles SIGBUS and ignores it if
it's about a memory slice mmapped from IPC. Apart from being a hack, this makes
things complicated because:

* There are multiple Wayland interfaces that need to mmap a file descriptor
sent over IPC. Collecting the list of IPC-mmapped regions is currently not
possible with libwayland.
* Since SIGBUS is global state, handling it is difficult. Some other IPC
mechanisms might need to add more regions to the list. Threads make this even
more annoying.

See https://gitlab.freedesktop.org/wayland/wayland/issues/53#note_24663

I'd like to know if there are plans to add a feature similar to file sealing
(https://lwn.net/Articles/591108/) in FreeBSD.

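The following C code is an added example, not part of the bug report and not Wayland or FreeBSD code. It shows the Linux sealing mechanism the report asks about from the receiving side: a descriptor is mapped only if `F_SEAL_SHRINK` is set and the file already covers the requested length. The names `make_buffer` and `map_if_sealed` are hypothetical, and the code is Linux-only; it calls `memfd_create` through `syscall()` with fallback constants so it builds without `_GNU_SOURCE`.

```c
/* Added example (Linux only): receiver-side seal check before mmap(). */
#include <errno.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Linux UAPI values, used only when libc hides them (no _GNU_SOURCE). */
#ifndef F_ADD_SEALS
#define F_ADD_SEALS   1033
#define F_GET_SEALS   1034
#define F_SEAL_SEAL   0x0001
#define F_SEAL_SHRINK 0x0002
#endif
#ifndef MFD_ALLOW_SEALING
#define MFD_ALLOW_SEALING 0x0002U
#endif

/* Hypothetical sender side: create a buffer, optionally seal its size. */
int make_buffer(size_t size, int seal)
{
    int fd = (int)syscall(SYS_memfd_create, "buf", MFD_ALLOW_SEALING);
    if (fd < 0)
        return -1;
    if (ftruncate(fd, (off_t)size) < 0 ||
        (seal && fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_SEAL) < 0)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Hypothetical receiver side: map only when the file can no longer shrink
 * and already covers the requested length, so reads cannot raise SIGBUS. */
void *map_if_sealed(int fd, size_t size)
{
    struct stat st;
    int seals = fcntl(fd, F_GET_SEALS);   /* -1 if fd does not support seals */

    if (seals < 0 || !(seals & F_SEAL_SHRINK))
        return NULL;                       /* sender could still truncate */
    if (fstat(fd, &st) < 0 || st.st_size < 0 || (size_t)st.st_size < size)
        return NULL;                       /* file shorter than the mapping */
    void *p = mmap(NULL, size, PROT_READ, MAP_SHARED, fd, 0);
    return p == MAP_FAILED ? NULL : p;
}
```

Once the seal is set, a later `ftruncate()` to a smaller size by the sender fails with `EPERM`, so the receiver needs no SIGBUS handler for that mapping.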