]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b306be1) | patch
MFC jail: Change both root and working directories in jail_attach(2)
authorJamie Gritton <jamie@FreeBSD.org>
Fri, 19 Feb 2021 22:13:35 +0000 (14:13 -0800)
committerMark Johnston <markj@FreeBSD.org>
Wed, 24 Feb 2021 01:41:57 +0000 (20:41 -0500)
commit4dd124c3171db9cd7fbcc49d8081de590a065d0b
treef1139609139fbb11e28a0d15d5e641de0fff0cebtree | snapshot
parentb306be13a9c7ea0db8979a8a53dca93f90ec59cccommit | diff
MFC jail: Change both root and working directories in jail_attach(2)

jail_attach(2) performs an internal chroot operation, leaving it up to
the calling process to assure the working directory is inside the jail.

Add a matching internal chdir operation to the jail's root.  Also
ignore kern.chroot_allow_open_directories, and always disallow the
operation if there are any directory descriptors open.

Approved by: so
Security: CVE-2020-25582
Security: FreeBSD-SA-21:05.jail_chdir
Reported by:    mjg
Approved by:    markj, kib

(cherry picked from commit d4380c0cdd0517dc038403dd5c99242ce78bdeb5)
(cherry picked from commit ca9ab8ea17748a1758701fde262cb272fb757989)
lib/libc/sys/jail.2 diff | blob | history
sys/kern/kern_descrip.c diff | blob | history
sys/kern/kern_jail.c diff | blob | history
sys/sys/filedesc.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.