Paths

Table of Contentst

lookup: fix inverted condition for test to allow dotdot.
AbandonedPublic
Actions

Authored by kib on Feb 16 2021, 5:25 AM.

Details

Reviewers

emaste
markj
arichardson
oshogbo

Group Reviewers

capsicum

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

kib requested review of this revision.Feb 16 2021, 5:25 AM

kib created this revision.

kib mentioned this in D28687: WIP: Update capsicum-test after O_BENEATH changes..Feb 16 2021, 5:30 AM

Shouldn't we return here a ECAPMODE ?
In capability mode there isn't any way where dot dot is valid right?

This revision is now accepted and ready to land.Feb 16 2021, 6:22 PM

Ups sorry I just wanted to comment it without accepting it.

In D28698#642663, @oshogbo wrote:

Shouldn't we return here a ECAPMODE ?
In capability mode there isn't any way where dot dot is valid right?

We do allow dotdots, as far as it return back to already seen directory. This is what tracker for. There is some discussion in open(2) man page about controls for it.

Long ago we disallowed any .. in capability mode, because we weren't convinced we could do it correctly. That was solved in R10:7359fdcf5ffab47dfde9b469afc6a7d8488a77aa (excluding remote filesystems).

markj added inline comments.Feb 18 2021, 5:13 PM

sys/kern/vfs_lookup.c
235	I don't understand this - shouldn't it be conditional on STRICTRELATIVE being set? This function is called even when the process is not in capability mode.

kib added inline comments.Feb 18 2021, 5:38 PM

sys/kern/vfs_lookup.c
235	LCF_STRICTRELATIVE sets LCF_CAP_DOTDOT when appropriate, i.e. when allowed, see the end of namei_setup(). On the other hand, BENEATH implies LCF_CAP_DOTDOT (otherwise it cannot work, cleared flag would turn off tracker), Or I do not understand the question.

I believe this causes some of the capsicum-test tests for O_BENEATH without capability mode to fail.

markj added inline comments.Feb 18 2021, 5:56 PM

sys/kern/vfs_lookup.c
235	Consider a context where we are not in capmode and O(_RELATIVE)_BENEATH is not specified. NI_LCF_CAP_DOTDOT will not be set, so this function will return ENOTCAPABLE when a .. lookup crosses a mount point.

kib added inline comments.Feb 18 2021, 6:25 PM

sys/kern/vfs_lookup.c

235

Do you mean this?

diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
index 3cc4e6ddb03a..7124d4e3e146 100644
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -230,7 +230,8 @@ nameicap_check_dotdot(struct nameidata *ndp, struct vnode *dp)
 	struct nameicap_tracker *nt;
 	struct mount *mp;
 
-	if (dp == NULL || dp->v_type != VDIR)
+	if (dp == NULL || dp->v_type != VDIR || (ndp->ni_lcf &
+	    (NI_LCF_OPER_BENEATH | NI_LCF_STRICTRELATIVE) == 0)
 		return (0);
 	if ((ndp->ni_lcf & NI_LCF_CAP_DOTDOT) == 0)
 		return (ENOTCAPABLE);

markj added inline comments.Feb 18 2021, 9:55 PM

sys/kern/vfs_lookup.c
235	Something like this, but I am still looking at D28699.

arichardson added inline comments.Feb 23 2021, 9:44 AM

sys/kern/vfs_lookup.c

235

Seems to mostly work with capsicum-test, however, I'm still seeing that walking up two levels and coming back in does not work with O_BENEATH (without cap_enter()):

[ RUN      ] OpenatTest.WithFlag_O_BENEATH
/local/scratch/alr48/cheri/freebsd/contrib/capsicum-test/openat.cc:286: Failure
Expected: (0) <= (_fd), actual: 0 vs -1
   errno 93 Capabilities insufficient
Google Test trace:
/local/scratch/alr48/cheri/freebsd/contrib/capsicum-test/openat.cc:286: openat(sub_fd_, "../../cap_topdir/subdir/bottomfile", O_RDONLY | oflag)

Where sub_fd is a fd for subdir

kib abandoned this revision.Feb 23 2021, 7:56 PM

Revision Contents
Changeset List

Path

Size

sys/

kern/

vfs_lookup.c

5 lines

Diff 83984

View Options

lookup: fix inverted condition for test to allow dotdot.AbandonedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 83984

sys/kern/vfs_lookup.c

lookup: fix inverted condition for test to allow dotdot.
AbandonedPublic
Actions

Revision Contents
Changeset List