[PATCH 0/3 v3] fs: allow to use dirfd as root for openat and other *at syscalls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The problem is that a pathname can contain absolute symlinks and now
they are resolved relative to the current root.

It may be a problem if you want to open a file in another namespace.
For example, you open /proc/PID/root for a process from the target
namespace and then you use openat() to open a file from this namespace.

If a path to the file contains an absolute symlink, you will open a file
from the current namespace, because a symlink will be resolved relative
to the current root.

A proposed solution adds a new flag which means that dirfd should be
set as a root for a current system call (openat(), statat(), etc).

Here are examples how we can open a file in a contex of another process.

How we can do this without these changes:

	old_root = open("/", O_PATH);
	old_cwd = open(".", O_PATH);
	chroot("/proc/PID/root");

	fd = open(pathname, O_RDONLY);

	fchdir(old_root); /* emulate fchroot() */
	chroot(".");
	fchdir(old_cwd);

	close(old_cwd);
	close(old_root);

How this code is simplified with new flags:
	dirfd = open("/proc/PID/root", O_PATH);
	fd = open(dirfd, pathname, O_RDONLY | O_ATROOT);
	close(dirfd);

One more thing is that chroot isn't available for unprivileged users.

We met this problem, when we tryed to dump an ubuntu container and
failed to resolve /proc/PID/root/var/run/mysqld/mysqld.sock, because
/var/run was a symlink to /run.

Changes since the first version:
- change a value of O_ATROOT to not intersect with other constants. 
Changes since the second version:
- initialize nd->root_seq (thanks to Omar Sandoval for reporting and
  fixing this issue)

Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Cc: Arnd Bergmann <arnd@xxxxxxxx>
Cc: "J. Bruce Fields" <bfields@xxxxxxxxxx>
Cc: Miklos Szeredi <mszeredi@xxxxxxxxxx>
Cc: NeilBrown <neilb@xxxxxxx>
Cc: Shuah Khan <shuahkh@xxxxxxxxxxxxxxx>
Cc: Omar Sandoval <osandov@xxxxxxxxxxx>
Signed-off-by: Andrey Vagin <avagin@xxxxxxxxxx>

Andrey Vagin (3):
  namei: add LOOKUP_DFD_ROOT to use dfd as root
  fs: allow to use dirfd as root for openat and other *at syscalls
  selftests: check O_ATROOT and AT_FDROOT flags

 fs/exec.c                                       |  4 +-
 fs/namei.c                                      | 42 +++++++++++----
 fs/open.c                                       |  6 ++-
 fs/stat.c                                       |  4 +-
 fs/utimes.c                                     |  4 +-
 include/linux/namei.h                           |  2 +
 include/uapi/asm-generic/fcntl.h                |  4 ++
 include/uapi/linux/fcntl.h                      |  1 +
 tools/testing/selftests/Makefile                |  1 +
 tools/testing/selftests/lookup/.gitignore       |  1 +
 tools/testing/selftests/lookup/Makefile         |  8 +++
 tools/testing/selftests/lookup/lookup_at_root.c | 71 +++++++++++++++++++++++++
 tools/testing/selftests/lookup/run.sh           | 14 +++++
 13 files changed, 148 insertions(+), 14 deletions(-)
 create mode 100644 tools/testing/selftests/lookup/.gitignore
 create mode 100644 tools/testing/selftests/lookup/Makefile
 create mode 100644 tools/testing/selftests/lookup/lookup_at_root.c
 create mode 100755 tools/testing/selftests/lookup/run.sh

-- 
2.5.5

--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux