We use cookies to ensure you get the best experience on our website
Home Verkennen Help
Registreren Inloggen
0ct0pu5
/
ladybird
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Bladeren bron

Kernel: Ensure that an unveil node with no permission is never accepted

Otherwise nodes inheriting from root may still be accessed with
`access(..., F_OK)`.
Also adds a test case to TestKernelUnveil about this behaviour.
Ali Mohammad Pur 4 jaren geleden
bovenliggende
8ce015742d
commit
90de1ded55
2 gewijzigde bestanden met toevoegingen van 5 en 1 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 1 1
      Kernel/FileSystem/VirtualFileSystem.cpp
  2. 4 0
      Tests/Kernel/TestKernelUnveil.cpp

+ 1 - 1
Kernel/FileSystem/VirtualFileSystem.cpp
Bestand weergeven 

@@ -851,7 +851,7 @@ KResult VFS::validate_path_against_process_veil(StringView path, int options)
 
         return EINVAL;
 
 
     auto* unveiled_path = find_matching_unveiled_path(path);
 
-    if (!unveiled_path) {
 
+    if (!unveiled_path || unveiled_path->permissions() == UnveilAccess::None) {
 
         dbgln("Rejecting path '{}' since it hasn't been unveiled.", path);
 
         dump_backtrace();
 
         return ENOENT;

+ 4 - 0
Tests/Kernel/TestKernelUnveil.cpp
Bestand weergeven 

@@ -52,4 +52,8 @@ TEST_CASE(test_failures)
 
     res = unveil("/bin", "w");
 
     if (res >= 0)
 
         FAIL("unveil permitted after unveil state locked");
 
+
 
+    res = access("/bin/id", F_OK);
 
+    if (res == 0)
 
+        FAIL("access(..., F_OK) permitted after locked veil without relevant unveil");
 
 }

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5