Kernel: Add a basic chroot() syscall :^)

The chroot() syscall now allows the superuser to isolate a process into a specific subtree of the filesystem. This is not strictly permanent, as it is also possible for a superuser to break *out* of a chroot, but it is a useful mechanism for isolating unprivileged processes. The VFS now uses the current process's root_directory() as the root for path resolution purposes. The root directory is stored as an uncached Custody in the Process object.
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/ddd0b192819
2020-01-10 23:14:04 +01:00 · 2020-01-10 23:14:04 +01:00 · ddd0b19281 · 2024-07-19 10:12:48 +09:00
commit ddd0b19281
parent 944fbf507a
7 changed files with 63 additions and 8 deletions
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@ -52,7 +52,7 @@ KResult VFS::mount(NonnullRefPtr<FS>&& file_system, Custody& mount_point)
 KResult VFS::mount(NonnullRefPtr<FS>&& file_system, StringView path)
 {
    LOCKER(m_lock);
-    auto result = resolve_path(path, root_custody());
+    auto result = resolve_path(path, current->process().root_directory());
    if (result.is_error()) {
        dbg() << "VFS: mount can't resolve mount point '" << path << "'";
        return result.error();
@ -667,11 +667,13 @@ KResultOr<NonnullRefPtr<Custody>> VFS::resolve_path(StringView path, Custody& ba
    auto parts = path.split_view('/', true);
    InodeIdentifier crumb_id;

+    auto& current_root = current->process().root_directory();
+
    NonnullRefPtrVector<Custody, 32> custody_chain;

    if (path[0] == '/') {
-        custody_chain.append(root_custody());
-        crumb_id = root_inode_id();
+        custody_chain.append(current_root);
+        crumb_id = current_root.inode().identifier();
    } else {
        for (auto* custody = &base; custody; custody = custody->parent()) {
            // FIXME: Prepending here is not efficient! Fix this.
@ -684,7 +686,7 @@ KResultOr<NonnullRefPtr<Custody>> VFS::resolve_path(StringView path, Custody& ba
        *parent_custody = custody_chain.last();

    for (int i = 0; i < parts.size(); ++i) {
-        bool inode_was_root_at_head_of_loop = crumb_id.is_root_inode();
+        bool inode_was_root_at_head_of_loop = current_root.inode().identifier() == crumb_id;
        auto crumb_inode = get_inode(crumb_id);
        if (!crumb_inode)
            return KResult(-EIO);
@ -715,7 +717,7 @@ KResultOr<NonnullRefPtr<Custody>> VFS::resolve_path(StringView path, Custody& ba
        }
        if (auto mount = find_mount_for_host(crumb_id))
            crumb_id = mount->guest();
-        if (inode_was_root_at_head_of_loop && crumb_id.is_root_inode() && !is_vfs_root(crumb_id) && part == "..") {
+        if (inode_was_root_at_head_of_loop && crumb_id.is_root_inode() && crumb_id != current_root.inode().identifier() && part == "..") {
            auto mount = find_mount_for_guest(crumb_id);
            auto dir_inode = get_inode(mount->host());
            ASSERT(dir_inode);
@ -724,7 +726,7 @@ KResultOr<NonnullRefPtr<Custody>> VFS::resolve_path(StringView path, Custody& ba
        crumb_inode = get_inode(crumb_id);
        ASSERT(crumb_inode);

-        custody_chain.append(Custody::get_or_create(&custody_chain.last(), part, *crumb_inode));
+        custody_chain.append(Custody::create(&custody_chain.last(), part, *crumb_inode));

        metadata = crumb_inode->metadata();
        if (metadata.is_directory()) {
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@ -565,6 +565,7 @@ pid_t Process::sys$fork(RegisterDump& regs)
 {
    Thread* child_first_thread = nullptr;
    auto* child = new Process(child_first_thread, m_name, m_uid, m_gid, m_pid, m_ring, m_cwd, m_executable, m_tty, this);
+    child->m_root_directory = m_root_directory;

 #ifdef FORK_DEBUG
    dbgprintf("fork: child=%p\n", child);
@ -966,15 +967,21 @@ Process* Process::create_user_process(Thread*& first_thread, const String& path,
        arguments.append(parts.last());
    }
    RefPtr<Custody> cwd;
+    RefPtr<Custody> root;
    {
        InterruptDisabler disabler;
-        if (auto* parent = Process::from_pid(parent_pid))
+        if (auto* parent = Process::from_pid(parent_pid)) {
            cwd = parent->m_cwd;
+            root = parent->m_root_directory;
+        }
    }

    if (!cwd)
        cwd = VFS::the().root_custody();

+    if (!root)
+        root = VFS::the().root_custody();
+
    auto* process = new Process(first_thread, parts.take_last(), uid, gid, parent_pid, Ring3, move(cwd), nullptr, tty);

    error = process->exec(path, move(arguments), move(environment));
@ -2650,6 +2657,7 @@ void Process::finalize()
    m_tty = nullptr;
    m_executable = nullptr;
    m_cwd = nullptr;
+    m_root_directory = nullptr;
    m_elf_loader = nullptr;

    disown_all_shared_buffers();
@ -4127,3 +4135,29 @@ int Process::sys$set_process_boost(pid_t pid, int amount)
    process->m_priority_boost = amount;
    return 0;
 }
+
+int Process::sys$chroot(const char* user_path, size_t path_length)
+{
+    if (!is_superuser())
+        return -EPERM;
+    auto path = get_syscall_path_argument(user_path, path_length);
+    if (path.is_error())
+        return path.error();
+    auto directory_or_error = VFS::the().open_directory(path.value(), current_directory());
+    if (directory_or_error.is_error())
+        return directory_or_error.error();
+    set_root_directory(Custody::create(nullptr, "", directory_or_error.value()->inode()));
+    return 0;
+}
+
+Custody& Process::root_directory()
+{
+    if (!m_root_directory)
+        m_root_directory = VFS::the().root_custody();
+    return *m_root_directory;
+}
+
+void Process::set_root_directory(const Custody& root)
+{
+    m_root_directory = root;
+}
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@ -229,6 +229,7 @@ public:
    int sys$futex(const Syscall::SC_futex_params*);
    int sys$set_thread_boost(int tid, int amount);
    int sys$set_process_boost(pid_t, int amount);
+    int sys$chroot(const char* path, size_t path_length);

    static void initialize();

@ -309,6 +310,9 @@ public:

    u32 priority_boost() const { return m_priority_boost; }

+    Custody& root_directory();
+    void set_root_directory(const Custody&);
+
 private:
    friend class MemoryManager;
    friend class Scheduler;
@ -369,6 +373,7 @@ private:

    RefPtr<Custody> m_executable;
    RefPtr<Custody> m_cwd;
+    RefPtr<Custody> m_root_directory;

    RefPtr<TTY> m_tty;

--- a/Kernel/Syscall.h
+++ b/Kernel/Syscall.h
@ -147,7 +147,8 @@ typedef u32 socklen_t;
    __ENUMERATE_SYSCALL(get_kernel_info_page)       \
    __ENUMERATE_SYSCALL(futex)                      \
    __ENUMERATE_SYSCALL(set_thread_boost)           \
-    __ENUMERATE_SYSCALL(set_process_boost)
+    __ENUMERATE_SYSCALL(set_process_boost)          \
+    __ENUMERATE_SYSCALL(chroot)

 namespace Syscall {

--- a/Kernel/init.cpp
+++ b/Kernel/init.cpp
@ -145,6 +145,8 @@ VFS* vfs;
        hang();
    }

+    current->process().set_root_directory(vfs->root_custody());
+
    dbgprintf("Load ksyms\n");
    load_ksyms();
    dbgprintf("Loaded ksyms\n");
--- a/Libraries/LibC/unistd.cpp
+++ b/Libraries/LibC/unistd.cpp
@ -617,4 +617,14 @@ int get_process_name(char* buffer, int buffer_size)
    int rc = syscall(SC_get_process_name, buffer, buffer_size);
    __RETURN_WITH_ERRNO(rc, rc, -1);
 }
+
+int chroot(const char* path)
+{
+    if (!path) {
+        errno = EFAULT;
+        return -1;
+    }
+    int rc = syscall(SC_chroot, path, strlen(path));
+    __RETURN_WITH_ERRNO(rc, rc, -1);
+}
 }
--- a/Libraries/LibC/unistd.h
+++ b/Libraries/LibC/unistd.h
@ -51,6 +51,7 @@ int execvpe(const char* filename, char* const argv[], char* const envp[]);
 int execvp(const char* filename, char* const argv[]);
 int execl(const char* filename, const char* arg, ...);
 int execlp(const char* filename, const char* arg, ...);
+int chroot(const char* path);
 void sync();
 void _exit(int status);
 pid_t getsid(pid_t);