CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
MFC jail: Handle a possible race between jail_remove(2) and fork(2)
author Jamie Gritton <jamie@FreeBSD.org>
Tue, 16 Feb 2021 19:19:13 +0000 (11:19 -0800)
committer Mark Johnston <markj@FreeBSD.org>
Wed, 24 Feb 2021 01:41:49 +0000 (20:41 -0500)
commit b306be13a9c7ea0db8979a8a53dca93f90ec59cc
tree f7169b8f9aed05f2527fcd9e2924aab0acb22cf3
parent 32ed3ad05e5aecd919e879e9440a5b2f86c794db
MFC jail: Handle a possible race between jail_remove(2) and fork(2)

jail_remove(2) includes a loop that sends SIGKILL to all processes
in a jail, but skips processes in PRS_NEW state.  Thus it is possible
that a process in mid-fork(2) during jail removal can survive the jail
being removed.

Add a prison flag PR_REMOVE, which is checked before the new process
returns.  If the jail is being removed, the process will then exit.
Also check this flag in jail_attach(2) which has a similar issue.

Approved by: so
Security: CVE-2020-25581
Security: FreeBSD-SA-21:04.jail_remove
Reported by: mjg
Approved by: kib

(cherry picked from commit cc7b73065302005ebc4a19503188c8d6d5eb923d)
(cherry picked from commit f7007a7d05255a6859dea0982b1f0a6d695e8881)
sys/kern/kern_fork.c
sys/kern/kern_jail.c
sys/sys/jail.h
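
The interleaving described in the commit message, as an added user-space model in C. It is not FreeBSD kernel code and not part of this commit. The structs, the `model_*` functions, the `PRS_KILLED` state and the numeric value of `PR_REMOVE` are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only: names follow the commit message, values are constructed. */
enum pstate { PRS_NEW, PRS_NORMAL, PRS_KILLED };
#define PR_REMOVE 0x1u

struct prison { unsigned flags; };
struct proc { enum pstate state; struct prison *pr; };

/* Removal loop: "SIGKILL" every process in the jail, skipping PRS_NEW ones.
 * With the fix, the jail is first marked as being removed. */
static void model_jail_remove(struct prison *pr, struct proc *p, size_t n, bool patched)
{
    if (patched)
        pr->flags |= PR_REMOVE;
    for (size_t i = 0; i < n; i++)
        if (p[i].pr == pr && p[i].state != PRS_NEW)
            p[i].state = PRS_KILLED;
}

/* Last step of fork: the child leaves PRS_NEW. With the fix, it checks
 * PR_REMOVE before returning and exits if its jail is going away. */
static void model_fork_return(struct proc *child, bool patched)
{
    child->state = PRS_NORMAL;
    if (patched && (child->pr->flags & PR_REMOVE))
        child->state = PRS_KILLED;
}

/* Interleaving: fork starts, jail is removed, fork finishes.
 * Returns how many processes are still alive in the removed jail. */
static int survivors_after_race(bool patched)
{
    struct prison jail = { 0 };
    struct proc procs[2] = { { PRS_NORMAL, &jail }, { PRS_NEW, &jail } };
    int alive = 0;

    model_jail_remove(&jail, procs, 2, patched);
    model_fork_return(&procs[1], patched);
    for (size_t i = 0; i < 2; i++)
        alive += (procs[i].state != PRS_KILLED);
    return alive;
}

int main(void)
{
    printf("unpatched survivors: %d\n", survivors_after_race(false));
    printf("patched survivors:   %d\n", survivors_after_race(true));
    return 0;
}
```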