author | Liav A <liavalb@gmail.com> | 2022-10-21 19:29:50 +0300 |
---|---|---|
committer | Linus Groh <mail@linusgroh.de> | 2022-10-22 19:18:15 +0200 |
commit | 07387ec19af987f4ce095197824ef6a2d53533b4 (patch) | |
tree | a1ef2f08c2946a20fab83ffd43d03c5eb048a954 | |
parent | 97f8927da6bcfe6a84fb68b06377eb897cc49446 (diff) | |
download | serenity-07387ec19af987f4ce095197824ef6a2d53533b4.zip |
Kernel+Base: Introduce MS_NOREGULAR mount flag
This flag doesn't conform to any POSIX standard, nor is it found in any OS
out there. The idea behind this mount flag is to ensure that only
non-regular files will be placed in a filesystem, which includes device
nodes, symbolic links, directories, FIFOs and sockets. Currently, the
only valid case for using this mount flag is for TmpFS instances, where
we want to mount a TmpFS but disallow any kind of regular file and only
allow other types of files on the filesystem.
-rw-r--r-- | Base/usr/share/man/man2/mount.md | 1 | ||||
-rw-r--r-- | Kernel/API/POSIX/unistd.h | 1 | ||||
-rw-r--r-- | Kernel/FileSystem/VirtualFileSystem.cpp | 5 |
3 files changed, 7 insertions, 0 deletions
diff --git a/Base/usr/share/man/man2/mount.md b/Base/usr/share/man/man2/mount.md
index 0dd9c99a41..bb6e5a72c4 100644
--- a/Base/usr/share/man/man2/mount.md
+++ b/Base/usr/share/man/man2/mount.md
@@ -39,6 +39,7 @@ The following `flags` are supported:
 * `MS_REMOUNT`: Remount an already mounted filesystem (see below).
 * `MS_WXALLOWED`: Allow W^X protection circumvention for executables on this file system.
 * `MS_AXALLOWED`: Allow anonymous executable mappings for executables on this file system.
+* `MS_NOREGULAR`: Disallow opening any regular files from this file system.
 These flags can be used as a security measure to limit the possible abuses of the newly mounted file system.
diff --git a/Kernel/API/POSIX/unistd.h b/Kernel/API/POSIX/unistd.h
index efa35bce14..5c8bec1e2f 100644
--- a/Kernel/API/POSIX/unistd.h
+++ b/Kernel/API/POSIX/unistd.h
@@ -29,6 +29,7 @@ extern "C" {
 #define MS_REMOUNT (1 << 5)
 #define MS_WXALLOWED (1 << 6)
 #define MS_AXALLOWED (1 << 7)
+#define MS_NOREGULAR (1 << 8)
 enum {
 _SC_MONOTONIC_CLOCK,
diff --git a/Kernel/FileSystem/VirtualFileSystem.cpp b/Kernel/FileSystem/VirtualFileSystem.cpp
index 1a120a9d1f..5960a3a83b 100644
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@@ -263,6 +263,9 @@ ErrorOr<NonnullLockRefPtr<OpenFileDescription>> VirtualFileSystem::open(Credenti
 auto& inode = custody.inode();
 auto metadata = inode.metadata();
+ if (metadata.is_regular_file() && (custody.mount_flags() & MS_NOREGULAR))
+ return EACCES;
+
 if ((options & O_DIRECTORY) && !metadata.is_directory())
 return ENOTDIR;
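Review bot: The `MS_NOREGULAR` check added to `VirtualFileSystem::open` is evaluated only when a file is opened, so any description for a regular file that was obtained before the flag applied to the mount keeps working; whether that can happen (for instance through `MS_REMOUNT`) is not visible in this diff and should be confirmed. The denial also returns `EACCES`, the same errno as an ordinary permission failure, which makes a mount-policy refusal hard to tell apart when debugging or auditing. I would document both with a comment above the check, e.g. `// MS_NOREGULAR: mount policy, enforced at open() only; existing descriptions are not revoked.` The body of `open` begins and ends outside this hunk.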
@@ -370,6 +373,8 @@ ErrorOr<NonnullLockRefPtr<OpenFileDescription>> VirtualFileSystem::create(Creden
 return EACCES;
 if (parent_custody.is_readonly())
 return EROFS;
+ if (is_regular_file(mode) && (parent_custody.mount_flags() & MS_NOREGULAR))
+ return EACCES;
 dbgln_if(VFS_DEBUG, "VirtualFileSystem::create: '{}' in {}", basename, parent_inode.identifier());
 auto uid = owner.has_value() ? owner.value().uid : credentials.euid(); |
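Review bot: The guard added to `VirtualFileSystem::create` rejects regular files only on this one path, while the commit message promises that no regular file can be placed on such a mount; other entry points that can add an inode (`mknod`, `link`, `rename` — none shown in this diff) should be checked for the same test. The man page line added in this commit mentions only opening, so the creation refusal is undocumented there. Because the test reads `parent_custody.mount_flags()`, the restriction presumably follows the mount rather than the file system, which deserves a comment such as `// Mount policy: MS_NOREGULAR forbids creating regular files under this mount.` `create` continues outside the hunk.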