sszllxos opened a new pull request, #17270:
URL: https://github.com/apache/nuttx/pull/17270
## Summary
This commit addresses an issue of multiple invalid loops in the
rpmsgfs_mkpath function under specific cross-system mount scenarios.
Problem Description:
The mount command in the NuttX shell is as follows:
mount -t rpmsgfs -o cpu=server,fs=/root/demo/fold /nuttx_fold
Running “ls nuttx_fold“ correctly lists the contents of the
/root/demo/fold directory on the Linux side. However, if NuttX is compromised
by a hacker, the hacker could modify the input parameters of the ls command.
Without directory access restrictions implemented on the Linux side, this would
allow the hacker to arbitrarily access any directory on the Linux system.
When directory access restrictions are implemented on the Linux
side—such as modifying the rpmsgfs driver on the Linux side to return
"permission deny" upon detecting unauthorized access—the rpmsgfs_client_stat
function in rpmsgfs_mkpath (on the NuttX side) fails to handle this error and
continues waiting in the while loop.
## Impact
Only modifies the error handling branch in rpmsgfs_mkpath, with no
impact on other functions of the rpmsgfs module.
## Testing
In the Linux shell, create the directory /root/demo/fold, and restrict
NuttX from accessing the fold directory itself by configuring the rpmsg_fs
driver.
In Nuttx shell:
mount -t rpmsgfs -o cpu=server,fs=/root/demo/fold /nuttx_fold
ls /nuttx_fold
Nuttx shell output:
proxy> mount -t rpmsgfs -o cpu=server,fs=/root/demo/fold nuttx_fold
proxy> ls
proxy> ls nuttx_fold
nsh: ls: stat failed: 13
Signed-off-by: Lijing [email protected]
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
