Subject: bin/35192: systrace -AU not working with nonexistent files.
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <morth@morth.org>
List: netbsd-bugs
Date: 12/05/2006 19:40:00
>Number:         35192
>Category:       bin
>Synopsis:       systrace -AU not working with nonexistent files.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Dec 05 19:40:00 +0000 2006
>Originator:     morth@morth.org
>Release:        NetBSD 3.0
>Organization:
	
>Environment:
	
	
System: NetBSD kaninen.morth.org 3.0 NetBSD 3.0 (kaninen) #8: Sun Jul 23 23:24:06 CEST 2006 pelle@kaninen.morth.org:/mnt/netbsd/netbsd-3.0/usr/src/sys/arch/macppc/compile/kaninen macppc
Architecture: powerpc
Machine: macppc
>Description:
	If I run a command such as
	sudo systrace -AU touch test
	where test is nonexistent, the file created will actually be /<non-existent filename>: test (in the root directory).
	The problem persists even if I add a netbsd-fswrite: permit line in /etc/systrace/usr_bin_touch, but is resolved if I add netbsd-open: permit (touch is created in current directory).
	This does not apply to existent files; the command will then work even with no /etc/systrace/usr_bin_touch.
	The same applies to the mkdir, rename, symlink and link system calls. It does not apply to mkfifo, mknod and bind.
	Debugging with ktruss, the same probably applies when trying to open non-existent files for reading, but that is not as serious unless someone can make malicious files in the root directory.
	
>How-To-Repeat:
	# ls -l test
	ls: test: No such file or directory
	# sudo systrace -AU touch test
	# ls -l test
	ls: test: No such file or directory
	# ls -l /\<non-existent\ filename\>:\ test
	-rw-r--r--  1 root  wheel  0 Dec  5 20:19 /<non-existent filename>: test
	
>Fix:
	A workaround is to add the troublesome syscalls to the system policy.
	(notice that adding fswrite will help neither open nor mkdir).
	

>Unformatted: