NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kern/45700: /chroot/proc/mounts exposes out-of-chroot pathnames

The following reply was made to PR kern/45700; it has been noted by GNATS.

From: Matthew Mondor <>
Subject: Re: kern/45700: /chroot/proc/mounts exposes out-of-chroot pathnames
Date: Fri, 9 Dec 2011 04:58:10 -0500

 >  >   If I'm chrooted in /chroot, and I mount procfs on /proc (in the
 >  >   chroot), then /proc/mounts exposes pathnames from outside the
 >  >   chroot.
 On Fri,  9 Dec 2011 09:05:04 +0000 (UTC)
 matthew green <> wrote:
 >  df(1) gets this right.  hopefully we can use what ever it does
 >  to fix this one...
 I seems that df(1) uses getmntinfo(3) which itself uses getvfsstat(2),
 calling do_getvfsstat()->dostatvfs() in sys/kern/vfs_syscalls.c:
                  * for mount points that are below our root, we can see
                  * them, so we fix up the pathname and return them. The
                  * rest we cannot see, so we don't allow viewing the
                  * data.
 Perhaps that this check could be moved into a function shared by both
 dostatvfs() and the procfs code (possibly also other such redundant
 checks elsewhere?); It also would be worth checking if procfs
 Linux-compatibility nodes also have another leak...

Home | Main Index | Thread Index | Old Index