From owner-freebsd-arch  Fri Sep 13  0:48:14 2002
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B084137B400
	for <arch@freebsd.org>; Fri, 13 Sep 2002 00:48:10 -0700 (PDT)
Received: from rootlabs.com (root.org [67.118.192.226])
	by mx1.FreeBSD.org (Postfix) with SMTP id 2104943E77
	for <arch@freebsd.org>; Fri, 13 Sep 2002 00:48:06 -0700 (PDT)
	(envelope-from nate@rootlabs.com)
Received: (qmail 26027 invoked by uid 1000); 13 Sep 2002 07:48:08 -0000
Date: Fri, 13 Sep 2002 00:48:08 -0700 (PDT)
From: Nate Lawson <nate@root.org>
To: Garrett Wollman <wollman@lcs.mit.edu>
Cc: arch@freebsd.org, imp@freebsd.org, peter@freebsd.org
Subject: Re: PATCH: vnode->v_tag to const char *
In-Reply-To: <200209130213.g8D2DJP1093588@khavrinen.lcs.mit.edu>
Message-ID: <Pine.BSF.4.21.0209130039480.26024-100000@root.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG

On Thu, 12 Sep 2002, Garrett Wollman wrote:
> In article <mit.lcs.mail.freebsd-arch/Pine.BSF.4.21.0209121745430.25388-100000@root.org> you write:
> >   VV_NATIVE - ufs, ffs, mfs (full owner, ugid/flags support)
> >   VV_FOREIGN - msdosfs, ntfs, hpfs (don't support full unix semantics)
> >   VV_REMOTE - smbfs, nwfs (network-based)
> >   VV_KERNEL - procfs, fdescfs, devfs (view into kernel data)
> >   VV_WEIRD - unionfs  ;-)
> 
> vfsconf flags are your friends.
> 
> -GAWollman

Ok, now that works for NFS (VFCF_NETWORK).  But the procfs check is
horrible.

For those just tuning in, if a set[ug]id program has /proc/mumble open on
fds 0-2, it's possible it could inadvertently write to them, causing a
crash.  The check is_unsafe() in kern_descrip.c handles this case.

I changed it to use VFCF_SYNTHETIC instead but that is not right --
fdescfs and devfs (think: /dev/fd/*, /dev/tty) are also synthetic.  And
what about portal ... ?

What is the 'right' way to keep sugid programs from crashing the system
with open 0-2 fds?

Thanks,
-Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message