a2075167
tomoyo: Loosen pathname/domainname validation.
Tetsuo Handa authored

Since commit e2dc9bf3 ("umd: Transform fork_usermode_blob into
fork_usermode_driver") started calling execve() on a program written in
a local mount which is not connected to the mount tree,
tomoyo_realpath_from_path() started returning a pathname in
"$fsname:/$pathname" format, which violates TOMOYO's domainname rule that
it must start with "<$namespace>" followed by zero or more repetitions of
pathnames which start with '/'.
    
Because $fsname must not contain '.' since commit 79c0b2df ("add
filesystem subtype support"), tomoyo_correct_path() can recognize a token
in which '/' appears before '.' (e.g. proc:/self/exe ) as a pathname
while rejecting a token in which '.' appears before '/' (e.g.
exec.realpath="/bin/bash" ) as a condition parameter.
    
    Therefore, accept domainnames which contain pathnames which do not start
    with '/' but contain '/' before '.' (e.g. <kernel> tmpfs:/bpfilter_umh ).
    
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
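The token rule described in the commit message, written out as a small standalone checker. This is an added example, not TOMOYO's own tomoyo_correct_path()/tomoyo_correct_domain() code and not part of this commit; the function names is_pathname_token, is_pathname_token_strict, domainname_ok_loose and domainname_ok_strict are hypothetical. It shows why "<kernel> tmpfs:/bpfilter_umh" is rejected under the old "must start with '/'" rule and accepted under the loosened "'/' before '.'" rule, while a condition parameter such as exec.realpath="/bin/bash" is still not mistaken for a pathname:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical re-implementation (not TOMOYO's code) of the domainname
 * grammar stated in the commit message:
 *   domainname := "<$namespace>" ( " " pathname )*
 *   pathname   := token starting with '/'
 *               | token in which '/' appears before any '.' ("$fsname:/...")
 * A token in which '.' appears before '/' (exec.realpath="/bin/bash") is a
 * condition parameter and is never a pathname. Relies on $fsname never
 * containing '.', as the commit message notes.
 */

/* Loosened rule: '/' first, or '/' seen before any '.'. */
bool is_pathname_token(const char *tok, size_t len)
{
    size_t i;

    if (len == 0)
        return false;
    if (tok[0] == '/')
        return true;              /* classic absolute pathname */
    for (i = 0; i < len; i++) {
        if (tok[i] == '.')
            return false;         /* '.' before '/': condition parameter */
        if (tok[i] == '/')
            return true;          /* '/' before '.': "$fsname:/$pathname" */
    }
    return false;                 /* neither '/' nor '.' present */
}

/* Strict rule as it stood before the change: pathname must start with '/'. */
bool is_pathname_token_strict(const char *tok, size_t len)
{
    return len > 0 && tok[0] == '/';
}

/*
 * Validate "<$namespace>" followed by zero or more single-space-separated
 * tokens, each of which must satisfy accept().
 */
static bool check_domainname(const char *dom,
                             bool (*accept)(const char *, size_t))
{
    const char *p = dom;
    const char *end;
    size_t len;

    if (*p != '<')
        return false;
    end = strchr(p, '>');
    if (!end || memchr(p, ' ', (size_t)(end - p)))
        return false;             /* namespace must be "<...>" without spaces */
    p = end + 1;
    while (*p) {
        if (*p != ' ')
            return false;         /* tokens are separated by one space */
        p++;
        end = strchr(p, ' ');
        len = end ? (size_t)(end - p) : strlen(p);
        if (!accept(p, len))
            return false;         /* empty or non-pathname token */
        p += len;
    }
    return true;
}

bool domainname_ok_loose(const char *dom)
{
    return check_domainname(dom, is_pathname_token);
}

bool domainname_ok_strict(const char *dom)
{
    return check_domainname(dom, is_pathname_token_strict);
}

int main(void)
{
    /* Constructed sample domainnames, including the one from the commit. */
    const char *samples[] = {
        "<kernel> tmpfs:/bpfilter_umh",
        "<kernel> /usr/sbin/sshd /bin/bash",
        "<kernel> exec.realpath=\"/bin/bash\"",
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-40s strict=%d loose=%d\n", samples[i],
               domainname_ok_strict(samples[i]),
               domainname_ok_loose(samples[i]));
    return 0;
}
```

The interesting case is the middle ground: a token with no '/' at all (say "tmpfs:bpfilter") is rejected under both rules, so the loosening only admits tokens that carry the "$fsname:/" prefix and still cannot be confused with a dotted condition parameter.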