[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/45700: /chroot/proc/mounts exposes out-of-chroot pathnames
The following reply was made to PR kern/45700; it has been noted by GNATS.
From: Matthew Mondor <mm_lists%pulsar-zone.net@localhost>
Subject: Re: kern/45700: /chroot/proc/mounts exposes out-of-chroot pathnames
Date: Fri, 9 Dec 2011 04:58:10 -0500
> > If I'm chrooted in /chroot, and I mount procfs on /proc (in the
> > chroot), then /proc/mounts exposes pathnames from outside the
> > chroot.
On Fri, 9 Dec 2011 09:05:04 +0000 (UTC)
matthew green <mrg%eterna.com.au@localhost> wrote:
> df(1) gets this right. hopefully we can use what ever it does
> to fix this one...
I seems that df(1) uses getmntinfo(3) which itself uses getvfsstat(2),
calling do_getvfsstat()->dostatvfs() in sys/kern/vfs_syscalls.c:
* for mount points that are below our root, we can see
* them, so we fix up the pathname and return them. The
* rest we cannot see, so we don't allow viewing the
Perhaps that this check could be moved into a function shared by both
dostatvfs() and the procfs code (possibly also other such redundant
checks elsewhere?); It also would be worth checking if procfs
Linux-compatibility nodes also have another leak...
Main Index |
Thread Index |