Date: Tue, 6 Apr 2021 19:20:07 GMT From: Mark Johnston <markj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 6f7815083ad6 - stable/11 - mount: Disallow mounting over a jail root Message-ID: <202104061920.136JK78P000942@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/11 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=6f7815083ad66c34bad0dfa08c7033ff670b3be1 commit 6f7815083ad66c34bad0dfa08c7033ff670b3be1 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2021-04-06 19:09:43 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2021-04-06 19:09:43 +0000 mount: Disallow mounting over a jail root Discussed with: jamie Approved by: so Security: CVE-2020-25584 Security: FreeBSD-SA-21:10.jail_mount --- sys/kern/vfs_mount.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c index 7885052c27d6..613872303982 100644 --- a/sys/kern/vfs_mount.c +++ b/sys/kern/vfs_mount.c @@ -830,6 +830,11 @@ vfs_domount_first( ASSERT_VOP_ELOCKED(vp, __func__); KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here")); + if (vp == td->td_ucred->cr_prison->pr_root) { + vput(vp); + return (EPERM); + } + /* * If the user is not root, ensure that they own the directory * onto which we are attempting to mount.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202104061920.136JK78P000942>