On Wed, Dec 01, 2021 at 09:26:32AM -0700, Theo de Raadt wrote:
> I don't understand.
>
> Why do you think the directory should be visible?
unveil("/", "r") should make everything visible for read. So the stat
should not fail. The fact that /usr/bin is a special snowflake because of
the extra unveil("/usr/bin/id", "rx") should not matter here.
Just realized that my diff is probably not 100% correct because
unveil("/usr/bin/id", "") should add a negative entry in the cache.
I feel we need to add an extra flag here to know how the entry was added.
--
:wq Claudio
> Sebastien Marie <[email protected]> wrote:
>
> > Hi,
> >
> > I have a program with unexpected unveil violation.
> >
> > I put the whole / read-only, and next few programs executable (the
> > purpose is to restrict the executable files to only a small set).
> >
> > The directory containing the executable is not visible anymore.
> >
> > $ cat test.c
> > #include <sys/stat.h>
> >
> > #include <err.h>
> > #include <stdio.h>
> > #include <stdlib.h>
> > #include <unistd.h>
> >
> > int
> > main(int argc, char *argv[])
> > {
> > 	struct stat sb;
> >
> > 	if (unveil("/", "r") == -1)
> > 		err(EXIT_FAILURE, "unveil: /");
> > 	if (unveil("/usr/bin/id", "rx") == -1)
> > 		err(EXIT_FAILURE, "unveil: /usr/bin/id");
> >
> > 	if (unveil(NULL, NULL) == -1)
> > 		err(EXIT_FAILURE, "unveil");
> >
> > 	if (stat("/usr/bin", &sb) == -1)
> > 		err(EXIT_FAILURE, "stat: /usr/bin");
> >
> > 	return EXIT_SUCCESS;
> > }
> > $ cc -Wall test.c
> > $ ./a.out
> > a.out: stat: /usr/bin: No such file or directory
> >
> > If I explicitly add `unveil("/usr/bin", "r")`, it is working as expected.
> >
> > The order of unveil("/") and unveil("/usr/bin/id") doesn't change the
> > problem. unveil(NULL, NULL) isn't required for reproducing.
> >
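A small userland model of the visibility rule the thread describes, added here as an illustration; it is not the OpenBSD kernel's unveil code. It assumes that every intermediate path component of an unveil() call becomes a node without permissions of its own and that a lookup is answered by the deepest matching node, which reproduces both the reported stat failure and the negative-entry case Claudio mentions.

```python
# Constructed model of unveil(2) path visibility as reported in this thread.
# Assumption: each unveil() call creates a node per path component, only the
# final component records permissions, and a lookup is resolved by the
# deepest node that matches the path. A permission-less intermediate node
# therefore hides the "r" granted on "/" instead of inheriting it.

PERM_FLAGS = {"r", "w", "x", "c"}


def _split(path):
    """Turn "/usr/bin/id" into ("usr", "bin", "id"); "/" becomes ()."""
    return tuple(p for p in path.split("/") if p)


class UnveilModel:
    def __init__(self):
        # path components tuple -> set of permission flags
        self.nodes = {}

    def unveil(self, path, perms):
        flags = set(perms)
        if not flags <= PERM_FLAGS:
            raise ValueError("bad permissions: %r" % perms)
        parts = _split(path)
        # intermediate components get a node with no permissions of its own
        for depth in range(len(parts)):
            self.nodes.setdefault(parts[:depth], set())
        # the final component records exactly what was asked for; "" yields
        # an empty set, i.e. a negative entry that hides the path
        self.nodes[parts] = flags

    def lookup(self, path):
        """Return the flags of the deepest node covering path, or None."""
        parts = _split(path)
        for depth in range(len(parts), -1, -1):
            node = parts[:depth]
            if node in self.nodes:
                return self.nodes[node]
        return None

    def stat_ok(self, path):
        """stat() needs "r" on the covering node, as in the test program."""
        flags = self.lookup(path)
        return flags is not None and "r" in flags
```

With unveil("/", "r") and unveil("/usr/bin/id", "rx") the model reports /etc/passwd as visible and /usr/bin as hidden; adding unveil("/usr/bin", "r") makes /usr/bin visible again, matching the workaround Sebastien found.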