Date: Sat, 27 Mar 2004 21:36:20 +0100
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: freebsd-arch@freebsd.org
Subject: fchroot(2) and others.
Message-ID: <20040327203620.GR8930@darkness.comp.waw.pl>

Hi.

Are we interested in fchroot(2) syscall? It exists in NetBSD.
If so, its implementation is in pjd_secure_syscalls branch or at:

    http://people.freebsd.org/~pjd/patches/secure_syscalls.patch

I've also implemented safe versions of other syscalls:

    int flink(int fd, const char *link);
    int funlink(int fd, const char *path);
    int frename(int fd, const char *from, const char *to);

Maybe funlink(2) and frename(2) look weird, but it should work.
The idea is that one cannot pass descriptor number only to those
functions, because they're operating on file system object names
and there is no clean way to get path name from descriptor.

So I decided to do it in this way:

1. Take vnode from file descriptor.
2. Lock vnode.
3. Take vnode from path.
4. Lock vnode.
5. Compare both vnodes.
6. If equal do the action (rename, unlink).

So we need to open given file and pass descriptor number and its
file name to a syscall.

Code in branch is not tested yet, it is only a proof-of-concept.

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
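
The six compare-then-act steps from the message, sketched in userland as an added example (not code from the patch or from the author). The name `funlink_approx`, the `ESTALE` error on mismatch and the temporary file names are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical userland approximation of the proposed funlink(fd, path):
 * unlink `path` only if it still names the object that `fd` has open.
 * Returns 0 on success, -1 with errno set. ESTALE on mismatch is an
 * assumption; the message does not say what the patch returns. */
int funlink_approx(int fd, const char *path)
{
    struct stat by_fd, by_path;

    if (fstat(fd, &by_fd) == -1)      /* steps 1-2: object behind fd */
        return -1;
    if (lstat(path, &by_path) == -1)  /* steps 3-4: object behind path */
        return -1;
    /* step 5: same device and inode means the same file system object */
    if (by_fd.st_dev != by_path.st_dev || by_fd.st_ino != by_path.st_ino) {
        errno = ESTALE;
        return -1;
    }
    /* step 6: act. Userland holds no vnode locks, so `path` can still be
     * replaced between lstat() and unlink(); the steps in the message lock
     * both vnodes before comparing, which a userland check cannot do. */
    return unlink(path);
}

/* Constructed demo: 0 if a mismatched path is refused and the matching
 * path is removed, 1 otherwise. */
int demo(void)
{
    char a[] = "/tmp/funlink_a.XXXXXX", b[] = "/tmp/funlink_b.XXXXXX";
    int fda = mkstemp(a), fdb = mkstemp(b);

    if (fda == -1 || fdb == -1)
        return 1;
    int refused = funlink_approx(fda, b) == -1 && errno == ESTALE;
    int removed = funlink_approx(fda, a) == 0 && access(a, F_OK) == -1;
    int b_kept = access(b, F_OK) == 0;
    unlink(b);
    close(fda);
    close(fdb);
    return (refused && removed && b_kept) ? 0 : 1;
}

int main(void) { return demo(); }
```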