From 54cb1e36b6b91bec43f7fb96a2075d316f5fea6a Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Sat, 4 Apr 2020 16:40:36 +0200
Subject: [PATCH] Kernel: Enforce file system veil on file creation

Fixes #1621.
---
 Kernel/FileSystem/VirtualFileSystem.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Kernel/FileSystem/VirtualFileSystem.cpp b/Kernel/FileSystem/VirtualFileSystem.cpp
index ebf3a69100..b4a74d3a5f 100644
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@@ -305,6 +305,10 @@ KResult VFS::mknod(StringView path, mode_t mode, dev_t dev, Custody& base)
 
 KResultOr<NonnullRefPtr<FileDescription>> VFS::create(StringView path, int options, mode_t mode, Custody& parent_custody, Optional<UidAndGid> owner)
 {
+    auto result = validate_path_against_process_veil(path, options);
+    if (result.is_error())
+        return result;
+
     if (!is_socket(mode) && !is_fifo(mode) && !is_block_device(mode) && !is_character_device(mode)) {
         // Turn it into a regular file. (This feels rather hackish.)
         mode |= 0100000;