diff options
| author | jamie <jamie@FreeBSD.org> | 2010-11-04 18:40:29 +0000 |
|---|---|---|
| committer | jamie <jamie@FreeBSD.org> | 2010-11-04 18:40:29 +0000 |
| commit | a7a7f45ee7d37f5bd9ccf10c405a51eba7027262 (patch) | |
| tree | 2f03aa6315d76e4153deb371be33445e8ab60245 /usr.sbin/jail/jail.c | |
| parent | 85767896da1c52300de322e3fc4f29fe9b7e4413 (diff) | |
| download | FreeBSD-src-a7a7f45ee7d37f5bd9ccf10c405a51eba7027262.zip FreeBSD-src-a7a7f45ee7d37f5bd9ccf10c405a51eba7027262.tar.gz | |
Check paths for security:
path must be absolute.
mount paths must exist and have no symlinks beyond the jail's path itself.
consolelog must exist (apart from the final component) and have no
symlinks beyond the jail's path itself.
Diffstat (limited to 'usr.sbin/jail/jail.c')
| -rw-r--r-- | usr.sbin/jail/jail.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c index 0bc1bd1..dd1b92c 100644 --- a/usr.sbin/jail/jail.c +++ b/usr.sbin/jail/jail.c @@ -659,6 +659,12 @@ create_jail(struct cfjail *j) * gives. */ if ((path = string_param(j->intparams[KP_PATH]))) { + if (path[0] != '/') { + jail_warnx(j, "path %s: not an absolute pathname", + path); + failed(j); + return -1; + } if (stat(path, &st) < 0) { jail_warnx(j, "path %s: %s", path, strerror(errno)); failed(j); |
