authorTheo de Raadt <deraadt@cvs.openbsd.org>2008-04-02 19:09:14 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2008-04-02 19:09:14 +0000
commit76d856897a6b2bc1dad1236c20411b5b3956b797 (patch)
tree692c6993edfbb35c758ebcc2329c32053da26232 /sys/kern
parentcdb27bf66b25c49025564c9616441d3f762bfc6c (diff)
repair code which blocks passing fd's for block devices or
dir-outside-chroot-directory into a chroot jail ok markus
Diffstat (limited to 'sys/kern')
-rw-r--r--sys/kern/uipc_usrreq.c18
1 files changed, 8 insertions, 10 deletions
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index 2d8e791aaf3..1922a57ee19 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_usrreq.c,v 1.38 2008/03/24 16:07:37 deraadt Exp $ */
+/* $OpenBSD: uipc_usrreq.c,v 1.39 2008/04/02 19:09:13 deraadt Exp $ */
/* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */
/*
@@ -622,29 +622,27 @@ unp_externalize(struct mbuf *rights)
fdp = malloc(nfds * sizeof(int), M_TEMP, M_WAITOK);
-#ifdef notyet
/* Make sure the recipient should be able to see the descriptors.. */
- if (p->p_cwdi->cwdi_rdir != NULL) {
+ if (p->p_fd->fd_rdir != NULL) {
rp = (struct file **)CMSG_DATA(cm);
for (i = 0; i < nfds; i++) {
fp = *rp++;
/*
- * If we are in a chroot'ed directory, and
- * someone wants to pass us a directory, make
- * sure it's inside the subtree we're allowed
- * to access.
+ * No to block devices. If passing a directory,
+ * make sure that it is underneath the root.
*/
if (fp->f_type == DTYPE_VNODE) {
struct vnode *vp = (struct vnode *)fp->f_data;
- if ((vp->v_type == VDIR) &&
- !vn_isunder(vp, p->p_cwdi->cwdi_rdir, p)) {
+
+ if (vp->v_type == VBLK ||
+ (vp->v_type == VDIR &&
+ !vn_isunder(vp, p->p_fd->fd_rdir, p))) {
error = EPERM;
break;
}
}
}
}
-#endif
restart:
fdplock(p->p_fd);
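Review bot: The new test in the chroot branch of unp_externalize() refuses `VBLK` vnodes but still accepts `VCHR`, and the shortened comment ("No to block devices.") gives no reason for either rule, so a reader cannot tell whether character devices were left out on purpose. On BSD systems raw disk access is also exposed through character-special nodes, so if the goal is to keep a chrooted receiver away from storage outside its root, this probably needs either a matching check or a stated reason for the exception (ttys handed over by privilege-separated daemons would be my guess, but nothing visible here confirms it). I would extend the comment with lines such as `* No block devices: a disk fd bypasses the chroot boundary.` and `* XXX VCHR is still accepted; confirm that is intended.` The handling of `error = EPERM` after the `break` lies outside this hunk, so whether the file references already carried in the message are released on that path cannot be checked from here.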