diff options
| author | Ali Mohammad Pur <ali.mpfard@gmail.com> | 2021-05-30 00:05:55 +0430 |
|---|---|---|
| committer | Andreas Kling <kling@serenityos.org> | 2021-05-29 22:05:34 +0200 |
| commit | 90de1ded55313259eaa07185e47f67a6c4b35bdd (patch) | |
| tree | 353e759edb47ff991769779055af5473df4d8dd3 /Kernel/FileSystem/VirtualFileSystem.cpp | |
| parent | 8ce015742d32a390f965e5d75252fd0a73aef388 (diff) | |
| download | serenity-90de1ded55313259eaa07185e47f67a6c4b35bdd.zip | |
Kernel: Ensure that an unveil node with no permission is never accepted
Otherwise nodes inheriting from root may still be accessed with
`access(..., F_OK)`.
Also adds a test case to TestKernelUnveil about this behaviour.
Diffstat (limited to 'Kernel/FileSystem/VirtualFileSystem.cpp')
| -rw-r--r-- | Kernel/FileSystem/VirtualFileSystem.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Kernel/FileSystem/VirtualFileSystem.cpp b/Kernel/FileSystem/VirtualFileSystem.cpp index 299a34fae1..60e5be0026 100644 --- a/Kernel/FileSystem/VirtualFileSystem.cpp +++ b/Kernel/FileSystem/VirtualFileSystem.cpp @@ -851,7 +851,7 @@ KResult VFS::validate_path_against_process_veil(StringView path, int options) return EINVAL; auto* unveiled_path = find_matching_unveiled_path(path); - if (!unveiled_path) { + if (!unveiled_path || unveiled_path->permissions() == UnveilAccess::None) { dbgln("Rejecting path '{}' since it hasn't been unveiled.", path); dump_backtrace(); return ENOENT; |