Subject: Re: chroot jail for ftpd
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Jason R Thorpe <thorpej@wasabisystems.com>
List: tech-kern
Date: 10/18/2001 15:04:28
On Thu, Oct 18, 2001 at 02:54:11PM -0700, Jonathan Stone wrote:
> Setting LD_LIBRARY_PATH to point to a writable filesystem, and putting
> a "trojan" shared library there, gives any user a trivial way to break
> out of the sandboxes. Thor is asking to close that loophole.
Right, I know that one ... attached is a patch which should fix it.
--
-- Jason R. Thorpe <thorpej@wasabisystems.com>
Index: uvm_mmap.c
===================================================================
RCS file: /cvsroot/syssrc/sys/uvm/uvm_mmap.c,v
retrieving revision 1.56
diff -c -r1.56 uvm_mmap.c
*** uvm_mmap.c 2001/09/15 20:36:46 1.56
--- uvm_mmap.c 2001/10/18 22:03:27
***************
*** 1058,1063 ****
--- 1058,1072 ----
} else {
vp = (struct vnode *)handle;
+
+ /*
+ * Don't allow mmap for EXEC if the file system
+ * is mounted NOEXEC.
+ */
+ if ((prot & PROT_EXEC) != 0 &&
+ (vp->v_mount->mnt_flag & MNT_NOEXEC) != 0)
+ return (EACCES);
+
if (vp->v_type != VCHR) {
error = VOP_MMAP(vp, 0, curproc->p_ucred, curproc);
if (error) {
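Review bot: the new test at the top of the vnode branch looks only at the requested protection (`(prot & PROT_EXEC) != 0`), so a mapping of a file on a NOEXEC mount that is requested without PROT_EXEC passes it unchanged. Unless execute is also removed from the mapping's maximum protection, which this hunk does not show, a later mprotect() to PROT_EXEC on the same region would not be caught by this check. Consider clearing execute from the maximum protection whenever `MNT_NOEXEC` is set on `vp->v_mount`, and noting the new EACCES return in the mmap(2) manual page.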