kern/54947: chroot mount file systems leak the actual path in superblock

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/54947: chroot mount file systems leak the actual path in superblock
From: kardel%netbsd.org@localhost
Date: Sat, 8 Feb 2020 08:50:00 +0000 (UTC)

>Number:         54947
>Category:       kern
>Synopsis:       mount within a chroot environment leak te actual path in the superblock
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Feb 08 08:50:00 +0000 2020
>Originator:     Frank Kardel
>Release:        NetBSD 9.99.45
>Organization:
	
>Environment:
	
	
System: NetBSD pip 9.99.45 NetBSD 9.99.45 (PIPGEN) #7: Wed Feb 5 19:24:51 CET 2020 kardel@pip:/src/NetBSD/act/src/obj.amd64/sys/arch/amd64/compile/PIPGEN amd64
Architecture: x86_64
Machine: amd64
>Description:
Mount a file system from within a chroot environment will leak the
 actual path.
 
 #pip: 9:27 / [30]# mount /dev/dk1 /targetroot
 #pip: 9:28 / [31]# umount /targetroot/
 #pip: 9:29 / [32]# fsdb -nf /dev/rdk1
 ** /dev/rdk1 (NO WRITE)
 ** File system is already clean
 Editing file system `/dev/rdk1'
 Last Mounted on /targetroot
 current inode: directory
 I=2 MODE=40755 SIZE=2048
          MTIME=Feb  2 10:15:11 2020 [0 nsec]
          CTIME=Feb  5 21:37:33 2020 [233878482 nsec]
          ATIME=Feb  5 21:43:52 2020 [313125735 nsec]
 OWNER=root GRP=wheel LINKCNT=33 FLAGS=0x0 BLKCNT=0x8 GEN=0x58ed0e25
 fsdb (inum: 2)> q
 Exit 255
 #pip: 9:29 / [33]# chroot /src/NetBSD/act/BUILD.amd64
 pip# fsdb -nf /dev/rdk1
 ** /dev/rdk1 (NO WRITE)
 ** File system is already clean
 Editing file system `/dev/rdk1'
 Last Mounted on /targetroot
 current inode: directory
 I=2 MODE=40755 SIZE=2048
          MTIME=Feb  2 09:15:11 2020 [0 nsec]
          CTIME=Feb  5 20:37:33 2020 [233878482 nsec]
          ATIME=Feb  5 20:43:52 2020 [313125735 nsec]
 OWNER=root GRP=wheel LINKCNT=33 FLAGS=0x0 BLKCNT=0x8 GEN=0x58ed0e25
 fsdb (inum: 2)> q
 pip# mount /dev/dk1 /targetroot
 pip# umount /targetroot
 pip# fsdb -nf /dev/rdk1
 ** /dev/rdk1 (NO WRITE)
 Editing file system `/dev/rdk1'
 Last Mounted on /src/NetBSD/act/BUILD.amd64/targetroot
 current inode: directory
 I=2 MODE=40755 SIZE=2048
          MTIME=Feb  2 09:15:11 2020 [0 nsec]
          CTIME=Feb  5 20:37:33 2020 [233878482 nsec]
          ATIME=Feb  5 20:43:52 2020 [313125735 nsec]
 OWNER=root GRP=wheel LINKCNT=33 FLAGS=0x0 BLKCNT=0x8 GEN=0x58ed0e25
 fsdb (inum: 2)> q
 pip#
>How-To-Repeat:
	see above
>Fix:
	check mount system call

>Unformatted:

Follow-Ups:
- Re: kern/54947: chroot mount file systems leak the actual path in superblock
  - From: Christos Zoulas

Prev by Date: Re: PR/54944 CVS commit: src/usr.sbin/sysinst
Next by Date: Re: misc/54946: O_SEARCH tests: expect revoke +x failure on NFS
Previous by Thread: misc/54946: O_SEARCH tests: expect revoke +x failure on NFS
Next by Thread: Re: kern/54947: chroot mount file systems leak the actual path in superblock
Indexes:

Home | Main Index | Thread Index | Old Index