Date: Fri, 13 Sep 2002 00:48:08 -0700 (PDT) From: Nate Lawson <nate@root.org> To: Garrett Wollman <wollman@lcs.mit.edu> Cc: arch@freebsd.org, imp@freebsd.org, peter@freebsd.org Subject: Re: PATCH: vnode->v_tag to const char * Message-ID: <Pine.BSF.4.21.0209130039480.26024-100000@root.org> In-Reply-To: <200209130213.g8D2DJP1093588@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 12 Sep 2002, Garrett Wollman wrote: > In article <mit.lcs.mail.freebsd-arch/Pine.BSF.4.21.0209121745430.25388-100000@root.org> you write: > > VV_NATIVE - ufs, ffs, mfs (full owner, ugid/flags support) > > VV_FOREIGN - msdosfs, ntfs, hpfs (don't support full unix semantics) > > VV_REMOTE - smbfs, nwfs (network-based) > > VV_KERNEL - procfs, fdescfs, devfs (view into kernel data) > > VV_WEIRD - unionfs ;-) > > vfsconf flags are your friends. > > -GAWollman Ok, now that works for NFS (VFCF_NETWORK). But the procfs check is horrible. For those just tuning in, if a set[ug]id program has /proc/mumble open on fds 0-2, it's possible it could inadvertently write to them, causing a crash. The check is_unsafe() in kern_descrip.c handles this case. I changed it to use VFCF_SYNTHETIC instead but that is not right -- fdescfs and devfs (think: /dev/fd/*, /dev/tty) are also synthetic. And what about portal ... ? What is the 'right' way to keep sugid programs from crashing the system with open 0-2 fds? Thanks, -Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0209130039480.26024-100000>