From nobody Fri May 23 14:30:46 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4b3ndQ2H5mz5xJRw; Fri, 23 May 2025 14:30:50 +0000 (UTC) (envelope-from bapt@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4b3ndQ05bkz3WlV; Fri, 23 May 2025 14:30:50 +0000 (UTC) (envelope-from bapt@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1748010650; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=xXQiZabMc2DwMtLBsbmyN9Lqz/ilH3r4grkU9MAUO2g=; b=BDBw1D42oHYmITKm7/FzCsuR7+I44ABVqBv5N4WxeYSUEvGSGLN7roS2MzBxMu+06hFsPX V7UPwYSr2ACymtRbc4JgN5sz7jUQE5lyh9Susgr9UmzS5ytqg1O2Mz6BDWchRPZ3UeirDP PYzCwq+ELuj8B1zrzZM71kOcf+cFHvVytucb48PWkX2/OuUzbtswmDefZDyhbzkOcfcw4U vbykCoPXeGcIiAxS8fBf025S1ys9wiG+Y3PFQh0YghI/vdxu97V5FYS19kSQViwT4jw3C8 qg+5OXcQnJmX5WuInypKuFwluc1gN702cVziBKHFxbyKwCIE2HNSaro6JZXeUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1748010650; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=xXQiZabMc2DwMtLBsbmyN9Lqz/ilH3r4grkU9MAUO2g=; b=MYLN9gZXNfAEv/NBw13GeK2IAb/UK82edRHtlrfbnfgDAHEUjLLyWP+pl1YxUiSpfu+Oq6 JOhuHhez9HvEmVV+9p9mR1XkbcXwxXG72or8I+CO/pcTM0pO24JCv1XgDtbKV6uneYczN0 SyyaReeE1yW1wW5BL8U0EMHd31Tx2B/TEKdYNjyxRTzBNxzDtIf3RrQJNViwksxPT3HXPo ET0EjuP3xn0ICimSb15foyTH7FUfteDmznYs6q51alR4SI9jQd1b/j1RHzSNHy86JFhSNh z2BC+NH0SwVOKyxDmlz02Hs/WZnvY4E7IGzxl9xPFToyJbB2+NLaWGLOKBDemw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1748010650; a=rsa-sha256; cv=none; b=CqXPEsL1zkkXDKK2Tu/UpVkIS/pwRt4Kh0pd5+L+uFpjgraljgO/JWSvBQ9E++vgcE7Rt7 pq6KMDweQfA/vA6fR9397U0MfwBA7CzJfZMXAw/ra2zxMimDWp5zlYcazN6G5sTiJrnTUc L5dw09aZVl+LCoBR89hXE2Licn7BgfQwlHZBqD6j2yfQJ7YlTG+8bpTe02f0aO9m5gQutB ZNG49hQx+riBljGTRXVmp6N1ckBVaQUWHJNRWoq8c3RGpX3ZkdClLtXVedXPP7iaSr8/3b YQMFfn5QzFZTpPKI0FB8cYvQB/+jH3BadyBJiLIHgacrutdzkAlVAkQ8qhg6AA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from b.nours.eu (b.nours.eu [IPv6:2001:41d0:303:5e39::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: bapt) by smtp.freebsd.org (Postfix) with ESMTPSA id 4b3ndP66tnz8mW; Fri, 23 May 2025 14:30:49 +0000 (UTC) (envelope-from bapt@freebsd.org) Received: by b.nours.eu (Postfix, from userid 1001) id A8C53D11C9; Fri, 23 May 2025 16:30:46 +0200 (CEST) Date: Fri, 23 May 2025 16:30:46 +0200 From: Baptiste Daroussin To: Mark Johnston Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 7587f6d4840f - main - namei: Make stackable filesystems check harder for jail roots Message-ID: References: <202505231304.54ND4jMD044846@gitrepo.freebsd.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202505231304.54ND4jMD044846@gitrepo.freebsd.org> On Fri 23 May 13:04, Mark Johnston wrote: > The branch main has been updated by markj: > > URL: https://cgit.FreeBSD.org/src/commit/?id=7587f6d4840f8d363e457cddc14c184cf1fe7cc1 > > commit 7587f6d4840f8d363e457cddc14c184cf1fe7cc1 > Author: Mark Johnston > AuthorDate: 2025-05-23 12:52:24 +0000 > Commit: Mark Johnston > CommitDate: 2025-05-23 13:03:38 +0000 > > namei: Make stackable filesystems check harder for jail roots > > Suppose a process has its cwd pointing to a nullfs directory, where the > lower directory is also visible in the jail's filesystem namespace. > Suppose that the lower directory vnode is moved out from under the > nullfs mount. The nullfs vnode still shadows the lower vnode, and > dotdot lookups relative to that directory will instantiate new nullfs > vnodes outside of the nullfs mountpoint, effectively shadowing the lower > filesystem. > > This phenomenon can be abused to escape a chroot, since the nullfs > vnodes instantiated by these dotdot lookups defeat the root vnode check > in vfs_lookup(), which uses vnode pointer equality to test for the > process root. > > Fix this by extending nullfs and unionfs to perform the same check, > exploiting the fact that the passed componentname is embedded in a > nameidata structure to avoid changing the VOP_LOOKUP interface. That > is, add a flag to indicate that containerof can be used to get the full > nameidata structure, and perform the root vnode check on the lower vnode > when performing a dotdot lookup. /home/pkgbuild/worktrees/main/sys/kern/vfs_cache.c:5276:24: error: variable 'cnp' set but not used [-Werror,-Wunused-but-set-variable] it breaks the build, Best regards, Bapt