From b0df0962988a2b972143a20c69f52cd54c1d196b Mon Sep 17 00:00:00 2001
From: Max Wipfli
Date: Sun, 13 Feb 2022 17:31:33 +0100
Subject: [PATCH] Kernel/VFS: Add FIXMEs about error codes leaking data from veiled paths

Error codes can leak information about veiled paths, if the path resolution fails with e.g. EACCESS. This is non-trivial to fix, as there is a group of error codes we want to propagate to the caller, such as ENOMEM.
---
 Kernel/FileSystem/VirtualFileSystem.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Kernel/FileSystem/VirtualFileSystem.cpp b/Kernel/FileSystem/VirtualFileSystem.cpp
index 5c0426cd51..ca63fdd7da 100644
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@@ -363,6 +363,8 @@ ErrorOr VirtualFileSystem::mkdir(StringView path, mode_t mode, Custody& ba
 }
 RefPtr parent_custody;
+ // FIXME: The errors returned by resolve_path_without_veil can leak information about paths that are not unveiled,
+ // e.g. when the error is EACCESS or similar.
 auto result = resolve_path_without_veil(path, base, &parent_custody);
 if (!result.is_error())
 return EEXIST;
@@ -828,6 +830,8 @@ ErrorOr VirtualFileSystem::validate_path_against_process_veil(StringView p
 ErrorOr> VirtualFileSystem::resolve_path(StringView path, Custody& base, RefPtr* out_parent, int options, int symlink_recursion_level)
 {
+ // FIXME: The errors returned by resolve_path_without_veil can leak information about paths that are not unveiled,
+ // e.g. when the error is EACCESS or similar.
 auto custody = TRY(resolve_path_without_veil(path, base, out_parent, options, symlink_recursion_level));
 if (auto result = validate_path_against_process_veil(*custody, options); result.is_error()) {
 if (out_parent)
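Review bot: The FIXME added in mkdir describes only the error path, but the `if (!result.is_error()) return EEXIST;` two lines below it reports on the same veil-less resolution on the success path, and no veil check is visible before it in this hunk. I would extend the comment with a line such as `// The EEXIST returned below has the same problem, as it is decided before the veil is consulted.` This is hedged because mkdir's body starts and ends outside the hunk, so an earlier or later check cannot be ruled out from here. Separately, the errno constant is spelled `EACCES`; `EACCESS` in this comment and in the identical one in the resolve_path hunk will not turn up in a search for the constant.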
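Review bot: The comment in resolve_path does not say why the leak is left unfixed, although the commit message does: some errors, such as ENOMEM, still have to reach the caller. Because `TRY(resolve_path_without_veil(...))` returns before `validate_path_against_process_veil` runs, the eventual fix has to decide per error code which ones may pass through. The FIXME is the place to record that, for example `// Errors such as ENOMEM must still be propagated, so not every error can be replaced by the veil check's result.` The function body continues outside the hunk.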