Date: Mon, 20 Jan 2003 19:02:31 +0300 (MSK)
From: Maxim Konovalov <maxim@FreeBSD.org>
To: qhwt@myrealbox.com
Cc: current@FreeBSD.org, "" <jhb@FreeBSD.org>, "" <rwatson@FreeBSD.org>
Subject: Re: panic trying to chroot(2) on a script(?)
Message-ID: <20030120185431.H53795@news1.macomnet.ru>
In-Reply-To: <20021003145236.GA633.qhwt@myrealbox.com>
References: <20021003145236.GA633.qhwt@myrealbox.com>
[ CC: jhb and rwatson ]

On 23:52+0900, Oct 3, 2002, qhwt@myrealbox.com wrote:

> Hello.
> Last night I was trying to start an anonymous ftp server on my
> -current box for my local network. I made a mistake in vipw:
>
> ftp:*:44444:44444:Unprivileged user:/sbin/nologin:/home/mp3
>
> i.e., wrote a path to a script where directory is needed, and directory
> where path to shell is needed. Without noticing, I started ftpd in
> standalone mode, and logged in as user ftp, when the box panicked:
>
> # /usr/libexec/ftpd -AD
> # ftp -4 localhost
>
> On 4.7-RC1 box, this just spewed an error message in /var/log/messages
> and didn't panic, and man 2 chroot doesn't state it should.
> If there's something other than the backtrace(attached), let me know it.

Yep, chroot("") panics -current. AFAIU the problem is in rev. 1.268
sys/kern/vfs_syscalls.c, we call vrele(9) in NDFREE(9) on already
vrele-ed vnode (change_dir() cares about that).

Here is my patch but I need someone with more experience in this area.

Index: vfs_syscalls.c =================================================================== RCS file: /home/ncvs/src/sys/kern/vfs_syscalls.c,v retrieving revision 1.305 diff -u -r1.305 vfs_syscalls.c --- vfs_syscalls.c 13 Jan 2003 00:28:55 -0000 1.305 +++ vfs_syscalls.c 20 Jan 2003 15:51:52 -0000 @@ -542,8 +542,10 @@ if ((error = change_dir(&nd, td)) != 0) goto error; #ifdef MAC - if ((error = mac_check_vnode_chroot(td->td_ucred, nd.ni_vp))) + if ((error = mac_check_vnode_chroot(td->td_ucred, nd.ni_vp))) { + vput(vp); goto error; + } #endif FILEDESC_LOCK(fdp); if (chroot_allow_open_directories == 0 || @@ -567,7 +569,7 @@ FILEDESC_UNLOCK(fdp); error: mtx_unlock(&Giant); - NDFREE(&nd, 0); + NDFREE(&nd, NDF_ONLY_PNBUF); return (error); } %%%

--
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org, +7 (095) 7969079

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
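Review bot: In the first hunk (@@ -542,8 +542,10 @@), the added `vput(vp);` releases a variable named `vp`, while the MAC check directly above it passes `nd.ni_vp`; nothing in the visible context declares or assigns `vp`, so either confirm it already aliases `nd.ni_vp` at this point or write `vput(nd.ni_vp);`. Because vput() unlocks as well as releases, it is only correct here if the vnode is still locked after change_dir() succeeds; a short comment stating that lock state would make the choice of vput() over vrele() reviewable.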
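Review bot: In the second hunk (@@ -567,7 +569,7 @@), switching the shared `error:` label to `NDFREE(&nd, NDF_ONLY_PNBUF)` means NDFREE no longer disposes of the vnode for any path that reaches the label, not just the change_dir() failure that caused the panic. The context shows the code after `FILEDESC_UNLOCK(fdp);` also flowing into `error:`, and the lines between the two hunks are not visible, so each of those paths (including the `chroot_allow_open_directories` check) needs to be checked for its own release of `nd.ni_vp`, otherwise the double vrele is traded for a leaked reference. A comment at the label stating that callers must already have dropped the vnode would document the new contract.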
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030120185431.H53795>