From e8f491b01de29408aab7933e32a3885b708f5409 Mon Sep 17 00:00:00 2001
From: Max Wipfli
Date: Sun, 11 Jul 2021 14:50:15 +0200
Subject: [PATCH] Kernel/VFS: Validate paths against process veil in mkdir()

VirtualFileSystem::mkdir() relies on resolve_path() returning an error, since it is only interested in the out_parent passed as a pointer. Since resolve_path_without_veil returns an error, no process veil validation is done by resolve_path() in that case. Due to this problem, mkdir() should use resolve_path_without_veil() and then manually validate if the parent directory of the to-be-created directory is unveiled with 'c' permissions. This fixes a bug where the mkdir syscall would not respect the process veil at all.
---
 Kernel/FileSystem/VirtualFileSystem.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Kernel/FileSystem/VirtualFileSystem.cpp b/Kernel/FileSystem/VirtualFileSystem.cpp
index c2a3f4d565..5c0426cd51 100644
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@@ -363,7 +363,7 @@ ErrorOr VirtualFileSystem::mkdir(StringView path, mode_t mode, Custody& ba
 }
 RefPtr parent_custody;
- auto result = resolve_path(path, base, &parent_custody);
+ auto result = resolve_path_without_veil(path, base, &parent_custody);
 if (!result.is_error())
 return EEXIST;
 else if (!parent_custody)
@@ -371,6 +371,7 @@ ErrorOr VirtualFileSystem::mkdir(StringView path, mode_t mode, Custody& ba
 // NOTE: If resolve_path fails with a non-null parent custody, the error should be ENOENT.
 VERIFY(result.error().code() == ENOENT);
+ TRY(validate_path_against_process_veil(*parent_custody, O_CREAT));
 auto& parent_inode = parent_custody->inode();
 auto& current_process = Process::current();
 if (!parent_inode.metadata().may_write(current_process))
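Review bot: The success branch right after the changed call, `if (!result.is_error()) return EEXIST;`, now returns without any veil check, because the lookup has moved to `resolve_path_without_veil()` and the only validation the patch adds sits later, on the ENOENT path. If the old `resolve_path()` validated the veil on success, as the commit message implies, a path outside the veil used to fail that check and would now presumably report EEXIST, which lets a veiled process tell existing paths from missing ones. Consider validating the resolved custody before that return, for example `TRY(validate_path_against_process_veil(*result.value(), O_CREAT));`; which flags suit an existence check needs confirming against the helper. mkdir()'s body starts and ends outside the hunk, so an earlier check may already cover this.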
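Review bot: The added `TRY(validate_path_against_process_veil(*parent_custody, O_CREAT));` has no comment saying why mkdir() validates the veil by hand, and the NOTE two lines above it still names `resolve_path` although the call is now `resolve_path_without_veil`. I would add `// resolve_path() performs no veil validation when resolution fails, so validate the parent directory for 'c' permission here.` above the TRY and update the NOTE to name the function actually called. The check covers only the parent custody; whether a more specific unveil entry for the new directory's own path should also be consulted is not visible here and is worth confirming. By the commit message's reasoning, other VFS callers that read out_parent on the error path may have the same gap and deserve an audit.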