Subject: Re: chroot jail for ftpd
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Jason R Thorpe <thorpej@wasabisystems.com>
List: tech-security
Date: 10/18/2001 15:04:28
--osDK9TLjxFScVI/L
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Thu, Oct 18, 2001 at 02:54:11PM -0700, Jonathan Stone wrote:
> Setting LD_LIBRARY_PATH to point to a writable filesystem, and putting
> a "trojan" shared library there, gives any user a trivial way to break
> out of the sandboxes. Thor is asking to close that loophole.
Right, I know that one ... attached is a patch which should fix it.
--
-- Jason R. Thorpe <thorpej@wasabisystems.com>
--osDK9TLjxFScVI/L
Content-Type: text/plain; charset=us-ascii
Content-Description: uvm_mmap_noexec.diff
Content-Disposition: attachment; filename=foo
Index: uvm_mmap.c
===================================================================
RCS file: /cvsroot/syssrc/sys/uvm/uvm_mmap.c,v
retrieving revision 1.56
diff -c -r1.56 uvm_mmap.c
*** uvm_mmap.c 2001/09/15 20:36:46 1.56
--- uvm_mmap.c 2001/10/18 22:03:27
***************
*** 1058,1063 ****
--- 1058,1072 ----
} else {
vp = (struct vnode *)handle;
+
+ /*
+ * Don't allow mmap for EXEC if the file system
+ * is mounted NOEXEC.
+ */
+ if ((prot & PROT_EXEC) != 0 &&
+ (vp->v_mount->mnt_flag & MNT_NOEXEC) != 0)
+ return (EACCES);
+
if (vp->v_type != VCHR) {
error = VOP_MMAP(vp, 0, curproc->p_ucred, curproc);
if (error) {
--osDK9TLjxFScVI/L--