Add pfs_visible() checks to pfs_getattr() and pfs_getextattr(). This

also fixes pfs_access() since it relies on VOP_GETATTR() which will call pfs_getattr(). This prevents jailed processes from discovering the existence, start time and ownership of processes outside the jail. PR: kern/48156
svn path=/head/; revision=119122
2024-12-17 10:26:15 +00:00 · 2003-08-19 10:26:41 +00:00 · 2003-08-19 10:26:41 +00:00 · 134ce0f9cc · 2020-12-20 02:59:44 +00:00
commit 134ce0f9cc
parent 98b8dc587d
1 changed files with 6 additions and 0 deletions
--- a/sys/fs/pseudofs/pseudofs_vnops.c
+++ b/sys/fs/pseudofs/pseudofs_vnops.c
@ -163,6 +163,9 @@ pfs_getattr(struct vop_getattr_args *va)

 	PFS_TRACE((pn->pn_name));

+	if (!pfs_visible(curthread, pn, pvd->pvd_pid))
+		PFS_RETURN (ENOENT);
+
 	VATTR_NULL(vap);
 	vap->va_type = vn->v_type;
 	vap->va_fileid = pn->pn_fileno;
@ -263,6 +266,9 @@ pfs_getextattr(struct vop_getextattr_args *va)

 	PFS_TRACE((pd->pn_name));

+	if (!pfs_visible(curthread, pn, pvd->pvd_pid))
+		PFS_RETURN (ENOENT);
+
 	if (pn->pn_getextattr == NULL)
 		PFS_RETURN (EOPNOTSUPP);