Date: Thu, 30 Jul 2020 15:47:36 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 231480] sysutils/grub2-bhyve: "(host)" filesystem is a potential security issue
Message-ID: <bug-231480-7788-IQVdMSZUkD@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-231480-7788@https.bugs.freebsd.org/bugzilla/>
References: <bug-231480-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231480

--- Comment #7 from Conrad Meyer <cem@freebsd.org> ---
(In reply to Peter Grehan from comment #6)

Apologies, somehow I missed this follow-up.

I think with our pre-opened fd cache, we can just chdir("/var/empty") and chroot(".") in grub_emu_bhyve_post_init() (or cap_enter() on Capsicum systems). We're already doing (host) access via fd-relative opens, I think.

I'm not sure why I didn't add that additional step back in March! It shouldn't impact much desired functionality and would complete the sandbox.

Worth mentioning there's a few more Grub cfg-running related vulnerabilities described recently here: https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ . The top-level lexing one likely impacts us.

-- 
You are receiving this mail because:
You are the assignee for the bug.