RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 08:58:11 +00:00
Code Issues Activity Actions

Kernel: Reject create links on paths that were not unveiled as writable

Browse source 
This solves one of the security issues being mentioned in issue #15996.
We simply don't allow creating hardlinks on paths that were not unveiled
as writable to prevent possible bypass on a certain path that was
unveiled as non-writable.
This commit is contained in:
Liav A 2022-11-26 11:48:02 +02:00 committed by Andrew Kaster
parent 0eeba7084d
commit 69f41eb062
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Kernel/FileSystem/VirtualFileSystem.cpp
View file

@ -723,7 +723,9 @@ static bool hard_link_allowed(Credentials const& credentials, Inode const& inode
ErrorOr<void> VirtualFileSystem::link(Credentials const& credentials, StringView old_path, StringView new_path, Custody& base) ErrorOr<void> VirtualFileSystem::link(Credentials const& credentials, StringView old_path, StringView new_path, Custody& base)
{ {
auto old_custody = TRY(resolve_path(credentials, old_path, base)); // NOTE: To prevent unveil bypass by creating an hardlink after unveiling a path as read-only,
// check that if write permission is allowed by the veil info on the old_path.
auto old_custody = TRY(resolve_path(credentials, old_path, base, nullptr, O_RDWR));
auto& old_inode = old_custody->inode(); auto& old_inode = old_custody->inode();
RefPtr<Custody> parent_custody; RefPtr<Custody> parent_custody;