mirror of
https://github.com/RGBCube/serenity
synced 2025-05-29 06:55:07 +00:00
Kernel: Ensure that an unveil node with no permission is never accepted
Otherwise nodes inheriting from root may still be accessed with `access(..., F_OK)`. Also adds a test case to TestKernelUnveil about this behaviour.
This commit is contained in:
parent
8ce015742d
commit
90de1ded55
2 changed files with 5 additions and 1 deletions
|
@ -851,7 +851,7 @@ KResult VFS::validate_path_against_process_veil(StringView path, int options)
|
|||
return EINVAL;
|
||||
|
||||
auto* unveiled_path = find_matching_unveiled_path(path);
|
||||
if (!unveiled_path) {
|
||||
if (!unveiled_path || unveiled_path->permissions() == UnveilAccess::None) {
|
||||
dbgln("Rejecting path '{}' since it hasn't been unveiled.", path);
|
||||
dump_backtrace();
|
||||
return ENOENT;
|
||||
|
|
|
@ -52,4 +52,8 @@ TEST_CASE(test_failures)
|
|||
res = unveil("/bin", "w");
|
||||
if (res >= 0)
|
||||
FAIL("unveil permitted after unveil state locked");
|
||||
|
||||
res = access("/bin/id", F_OK);
|
||||
if (res == 0)
|
||||
FAIL("access(..., F_OK) permitted after locked veil without relevant unveil");
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue