bhyveload: use a dirfd to support -h
Don't allow lookups from the loader scripts, which in rare cases may be
in guest control depending on the setup, to leave the specified host
root. Open the root dir and strictly do RESOLVE_BENEATH lookups from
there.
cb_open() has been restructured a bit to work nicely with this, using
fdopendir() in the directory case and just using the fd we already
opened in the regular file case.
hostbase_open() was split out to provide an obvious place to apply
rights(4) if that's something we care to do.
Reviewed by: allanjude (earlier version), markj
Approved by: so
Security: FreeBSD-SA-24:01.bhyveload
Security: CVE-2024-25940
(cherry picked from commit
6779d44bd878e3cf4723f7386b11da6508ab5431)
(cherry picked from commit
78345dbd7a004e0a6d1b717e7dbc758ae67ca293)
projects / FreeBSD / FreeBSD.git / commit