Add pfs_visible() checks to pfs_getattr() and pfs_getextattr(). This

also fixes pfs_access() since it relies on VOP_GETATTR() which will call pfs_getattr(). This prevents jailed processes from discovering the existence, start time and ownership of processes outside the jail. PR: kern/48156
author: des <des@FreeBSD.org> 2003-08-19 10:26:41 +0000
committer: des <des@FreeBSD.org> 2003-08-19 10:26:41 +0000
commit: fe9e1d31262b42f44b703033edd9268f99aff34a (patch)
tree: c2a5d5df276e332d3fb391d628b1724a58f340a5 /sys/fs
parent: 472beeeb6dcc8208ad13187dca45c646c3d45434 (diff)
download: FreeBSD-src-fe9e1d31262b42f44b703033edd9268f99aff34a.zip
FreeBSD-src-fe9e1d31262b42f44b703033edd9268f99aff34a.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/fs/pseudofs/pseudofs_vnops.c b/sys/fs/pseudofs/pseudofs_vnops.c
index 7710934..0ac6dbc 100644
--- a/sys/fs/pseudofs/pseudofs_vnops.c
+++ b/sys/fs/pseudofs/pseudofs_vnops.c
@@ -163,6 +163,9 @@ pfs_getattr(struct vop_getattr_args *va)
 
 	PFS_TRACE((pn->pn_name));
 
+	if (!pfs_visible(curthread, pn, pvd->pvd_pid))
+		PFS_RETURN (ENOENT);
+
 	VATTR_NULL(vap);
 	vap->va_type = vn->v_type;
 	vap->va_fileid = pn->pn_fileno;
@@ -263,6 +266,9 @@ pfs_getextattr(struct vop_getextattr_args *va)
 
 	PFS_TRACE((pd->pn_name));
 
+	if (!pfs_visible(curthread, pn, pvd->pvd_pid))
+		PFS_RETURN (ENOENT);
+
 	if (pn->pn_getextattr == NULL)
 		PFS_RETURN (EOPNOTSUPP);
author	des <des@FreeBSD.org>	2003-08-19 10:26:41 +0000
committer	des <des@FreeBSD.org>	2003-08-19 10:26:41 +0000
commit	fe9e1d31262b42f44b703033edd9268f99aff34a (patch)
tree	c2a5d5df276e332d3fb391d628b1724a58f340a5 /sys/fs
parent	472beeeb6dcc8208ad13187dca45c646c3d45434 (diff)
download	FreeBSD-src-fe9e1d31262b42f44b703033edd9268f99aff34a.zip FreeBSD-src-fe9e1d31262b42f44b703033edd9268f99aff34a.tar.gz