Subject: kern/36385: systrace and non-existent files
To: None <,,>
From: None <>
List: netbsd-bugs
Date: 05/24/2007 14:45:01
>Number:         36385
>Category:       kern
>Synopsis:       Matching non-existent files in policies no longer works
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 24 14:45:01 +0000 2007
>Originator:     Michael Piotrowski
>Release:        NetBSD 3.1
System: NetBSD aix 3.1 NetBSD 3.1 (GENERIC.MPACPI) #0: Tue Oct 31 04:47:22 UTC 2006 i386
Architecture: i386
Machine: i386
After updating from NetBSD 3.0.1 to 3.1 I noticed that some programs
are now being killed by systrace and that for others lots of "deny"
messages are being logged--while it had worked fine before.  I noticed
that this was related to the handling of non-existent filenames.
While before rules like

  netbsd-fsread: filename match "/<non-existent filename>: *" then deny[enoent]

worked, they no longer match.

It seems that this is the same issue as described in PR 32360 ("recent
changes breaks systrace fswrite").  Browsing CVS, I found that this
problem was fixed in revision of getcwd.c, but in revision, which is
used in NetBSD 3.1, exactly this change was removed.

Being unable to handle non-existent filenames correctly severely limits
the usefulness of systrace for me.


- Create a systrace policy:
  $ systrace -A ls .profile

- Add the following lines to the policy:

  netbsd-fsread: filename match "/<non-existent filename>: *" then deny[enoent]
  netbsd-fsread: filename match "/tmp/foo" then deny[enoent]

  Where /tmp/foo should not exist.

- Run (/tmp/foo and /tmp/bar must not exist):
  $ systrace -a ls /tmp/foo
  ls: /tmp/foo: No such file or directory
  $ systrace -a ls /tmp/bar
  ls: /tmp/bar: Operation not permitted

  This shows that the rule for non-existing filenames does not match.
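The reproduction above as a small regression check, added here as an example and not part of the PR. It assumes systrace(1) and ls(1) as on NetBSD, that the two policy lines from the report have already been added to the ls policy, and that /tmp/foo and /tmp/bar do not exist; the classification of the ls message (ENOENT when the deny[enoent] rule matched, EPERM when systrace fell through to its default deny) is the part that runs anywhere.

```shell
#!/bin/sh
# Added example (not from the PR): automate the two probes from the report and
# say whether the "/<non-existent filename>: *" rule matched.

# Classify one line of ls output produced under `systrace -a`.
#   ENOENT -> the deny[enoent] rule for non-existent filenames matched
#   EPERM  -> no rule matched and systrace's default deny applied
classify_result() {
  case "$1" in
    *"No such file or directory"*) echo ENOENT ;;
    *"Operation not permitted"*)   echo EPERM ;;
    *)                             echo UNKNOWN ;;
  esac
}

# Run `systrace -a ls <path>` for a path that must not exist and classify it.
probe_path() {
  path="$1"
  if [ -e "$path" ]; then
    echo "refusing: $path exists; the check needs a non-existent path" >&2
    return 2
  fi
  classify_result "$(systrace -a ls "$path" 2>&1)"
}

# /tmp/foo is covered by an explicit rule, /tmp/bar only by the
# non-existent-filename rule. PASS means both gave ENOENT; FAIL with
# generic=EPERM is the behaviour reported in kern/36385.
check_regression() {
  explicit=$(probe_path /tmp/foo) || return 2
  generic=$(probe_path /tmp/bar) || return 2
  if [ "$explicit" = ENOENT ] && [ "$generic" = ENOENT ]; then
    echo PASS
  else
    echo "FAIL (explicit=$explicit generic=$generic)"
    return 1
  fi
}

# Only perform the live check when invoked as `sh check.sh --run`.
if [ "${1:-}" = "--run" ]; then
  command -v systrace >/dev/null 2>&1 || { echo "systrace not found" >&2; exit 2; }
  check_regression
fi
```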