From nobody Thu Feb 23 14:24:34 2023 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PMwJg2sjxz3tnNP for ; Thu, 23 Feb 2023 14:24:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PMwJg0cykz4NDd for ; Thu, 23 Feb 2023 14:24:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1677162275; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1eKLiVqpPi2UJRDdglA8rb8NDExY+mnfm/eCLYOpCNs=; b=VdTTJnEYlt1w6JRj7fgUPYaiQisxnIoZl3sAHFHOpMzpr57dLTAL0LOnfzIcQY21DGIGXw qruu0eJl2y6qTzmLd1F3HXAEbssh6bQ+btGXv6EfVyLoJ7romFR3NdjLE7Fc/eJUFsn//Q OPfRpaEUZxZRc/5onnlvIQOHPpAz9xiY6omJajrFTyuk6iolhlnqNyC1whDvGoFsKbrsX0 7wSMoAu2+14o3ZCb7aOYmHBZMybkaKUrRUPi/mJ81SbP0jeDOTq4UBf97thjtfTpY6ZRT8 ltkytg0fkXKP/sQ6iHcucraNu9a08slDOXHFsBp++wC0dcScQKMY6rp3tM6jEg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1677162275; a=rsa-sha256; cv=none; b=gfL9SeXv0jqKrg6ZRpJ9ez5jB3tfPPeyyUOuTdeK0U3gjyt5ov7t7UTuOJxzCLLJsbTxsR Q6PPt89k6oQpFzxV1EEkvNqk0kfvyo52hTT3r3EwxFOWcVkS26EBg6Y8Akqu55amCsmH4+ RshTbzxi1ReXewVvGnb6+hbeqQcvAnFcYW5xNtuPB0Frdmd1/k8DRrSJkEE3/ZxCD++8YH Dr7TwKKVVFfPvXZekVSrnreOlNpOrH1lmIKo791guyWqtyZIWDPqxgdgtuF4WfqjmeQLvC q3Bx/lfBxgTafawi6uug2ZGUFIEvCCFce6ymBdRfK8y+PrpF+LVL1iof8h7bZQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PMwJf6nCVzlkD for ; Thu, 23 Feb 2023 14:24:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 31NEOYV8086480 for ; Thu, 23 Feb 2023 14:24:34 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 31NEOYxt086479 for bugs@FreeBSD.org; Thu, 23 Feb 2023 14:24:34 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 269780] O_RESOLVE_BENEATH succeeds on ".." on "/" Date: Thu, 23 Feb 2023 14:24:34 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: dev@sunfishcode.online X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D269780 --- Comment #2 from Dan Gohman --- For example, if I have a network file server using O_RESOLVE_BENEATH to ens= ure that I'm only serving files within a certain directory, and the directory contains directories like "bin", "etc", and similar, attackers could tell whether I'm serving up my actual root directory or just some other directory that has root-like contents. If it is my actual root directory, that might help them learn about the ver= sion or configuration of the system the server is running on. It may also reveal that the server is running FreeBSD, since the Linux with RESOLVE_BENEATH implementation and the portable-but-slow implementation I have both fail in this situation. --=20 You are receiving this mail because: You are the assignee for the bug.=