NetBSD-Bugs archive


Re: kern/45700: /chroot/proc/mounts exposes out-of-chroot pathnames



The following reply was made to PR kern/45700; it has been noted by GNATS.

From: Matthew Mondor <mm_lists%pulsar-zone.net@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: kern/45700: /chroot/proc/mounts exposes out-of-chroot pathnames
Date: Fri, 9 Dec 2011 04:58:10 -0500

 >  >   If I'm chrooted in /chroot, and I mount procfs on /proc (in the
 >  >   chroot), then /proc/mounts exposes pathnames from outside the
 >  >   chroot.
 
 Argh...
 
 
 On Fri,  9 Dec 2011 09:05:04 +0000 (UTC)
 matthew green <mrg%eterna.com.au@localhost> wrote:
 
 >  df(1) gets this right.  hopefully we can use what ever it does
 >  to fix this one...
 
 It seems that df(1) uses getmntinfo(3) which itself uses getvfsstat(2),
 calling do_getvfsstat()->dostatvfs() in sys/kern/vfs_syscalls.c:
 
                 /*
                  * for mount points that are below our root, we can see
                  * them, so we fix up the pathname and return them. The
                  * rest we cannot see, so we don't allow viewing the
                  * data.
                  */
 
 Perhaps this check could be moved into a function shared by both
 dostatvfs() and the procfs code (possibly also other such redundant
 checks elsewhere?); it also would be worth checking if procfs
 Linux-compatibility nodes also have another leak...
 -- 
 Matt
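
Added example, not part of the original message and not NetBSD source: a userland C sketch of the check described by the vfs_syscalls.c comment quoted above, written as one helper that several callers could share. The function name `chroot_fixup_mntpath` and the sample mount table are assumptions; paths are assumed absolute and normalized.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not NetBSD source): decide whether mount point
 * `mnt` is visible from a process chrooted at `root`, and if so write
 * the pathname as seen from inside the chroot into `out`.
 * Assumes both paths are absolute and normalized (no trailing '/',
 * except for "/" itself).
 * Returns 1 if visible, 0 if it must be hidden, -1 if `out` is too small.
 */
int
chroot_fixup_mntpath(const char *root, const char *mnt, char *out, size_t outlen)
{
	size_t rlen = strlen(root);
	const char *seen;

	if (rlen == 1 && root[0] == '/') {
		seen = mnt;		/* not chrooted: nothing to rewrite */
	} else if (strncmp(mnt, root, rlen) != 0) {
		return 0;		/* outside the chroot */
	} else if (mnt[rlen] == '\0') {
		seen = "/";		/* mounted on the chroot directory itself */
	} else if (mnt[rlen] == '/') {
		seen = mnt + rlen;	/* below the root: strip the prefix */
	} else {
		return 0;		/* "/chroot2" only shares a string prefix */
	}
	if (strlen(seen) >= outlen)
		return -1;
	strcpy(out, seen);
	return 1;
}

int
main(void)
{
	/* Constructed sample mount table, as seen from outside the chroot. */
	const char *mounts[] = { "/", "/chroot", "/chroot/proc", "/chroot2/data", "/home" };
	char buf[64];

	for (size_t i = 0; i < sizeof(mounts) / sizeof(mounts[0]); i++) {
		if (chroot_fixup_mntpath("/chroot", mounts[i], buf, sizeof(buf)) == 1)
			printf("%-14s -> %s\n", mounts[i], buf);
		else
			printf("%-14s -> (hidden)\n", mounts[i]);
	}
	return 0;
}
```

The component-boundary test matters: a plain string-prefix comparison would treat `/chroot2/data` as being inside `/chroot` and report it as `2/data`.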
 

