diff options
| author | phk <phk@FreeBSD.org> | 1999-09-25 14:14:21 +0000 |
|---|---|---|
| committer | phk <phk@FreeBSD.org> | 1999-09-25 14:14:21 +0000 |
| commit | 3588b9beb9bff6f857172a7d8fc19057371a291b (patch) | |
| tree | cabb4bd024adc9b57eb20e264094cca49125f30a /sys/kern/vfs_lookup.c | |
| parent | d612df1de637eabac588385f0ef90f8d91a297de (diff) | |
| download | FreeBSD-src-3588b9beb9bff6f857172a7d8fc19057371a291b.zip FreeBSD-src-3588b9beb9bff6f857172a7d8fc19057371a291b.tar.gz | |
Fix a hole in jail(2).
Noticed by: Alexander Bezroutchko <abb@zenon.net>
Diffstat (limited to 'sys/kern/vfs_lookup.c')
| -rw-r--r-- | sys/kern/vfs_lookup.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c index e168ce5..39c46e8 100644 --- a/sys/kern/vfs_lookup.c +++ b/sys/kern/vfs_lookup.c @@ -130,6 +130,7 @@ namei(ndp) * Get starting point for the translation. */ ndp->ni_rootdir = fdp->fd_rdir; + ndp->ni_topdir = fdp->fd_jdir; dp = fdp->fd_cdir; VREF(dp); @@ -387,10 +388,14 @@ dirloop: * filesystem, then replace it with the * vnode which was mounted on so we take the * .. in the other file system. + * 3. If the vnode is the top directory of + * the jail or chroot, don't let them out. */ if (cnp->cn_flags & ISDOTDOT) { for (;;) { - if (dp == ndp->ni_rootdir || dp == rootvnode) { + if (dp == ndp->ni_rootdir || + dp == ndp->ni_topdir || + dp == rootvnode) { ndp->ni_dvp = dp; ndp->ni_vp = dp; VREF(dp); |
