Kernel/VFS: Validate paths against process veil in mkdir()

VirtualFileSystem::mkdir() relies on resolve_path() returning an error, since it is only interested in the out_parent passed as a pointer. Since resolve_path_without_veil returns an error, no process veil validation is done by resolve_path() in that case. Due to this problem, mkdir() should use resolve_path_without_veil() and then manually validate if the parent directory of the to-be-created directory is unveiled with 'c' permissions. This fixes a bug where the mkdir syscall would not respect the process veil at all.
Author: https://github.com/MaxWipfli Commit: e8f491b01d Pull-request: https://github.com/SerenityOS/serenity/pull/12462 Reviewed-by: https://github.com/IdanHo ✅ Reviewed-by: https://github.com/bgianfo
2025-04-26 22:38:51 +00:00 · 2021-07-11 14:50:15 +02:00 · 2021-07-11 14:50:15 +02:00 · e8f491b01d · 2024-07-17 18:54:32 +09:00
commit e8f491b01d
parent 8c7010f282
1 changed files with 2 additions and 1 deletions
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@ -363,7 +363,7 @@ ErrorOr<void> VirtualFileSystem::mkdir(StringView path, mode_t mode, Custody& ba
    }

    RefPtr<Custody> parent_custody;
-    auto result = resolve_path(path, base, &parent_custody);
+    auto result = resolve_path_without_veil(path, base, &parent_custody);
    if (!result.is_error())
        return EEXIST;
    else if (!parent_custody)
@ -371,6 +371,7 @@ ErrorOr<void> VirtualFileSystem::mkdir(StringView path, mode_t mode, Custody& ba
    // NOTE: If resolve_path fails with a non-null parent custody, the error should be ENOENT.
    VERIFY(result.error().code() == ENOENT);

+    TRY(validate_path_against_process_veil(*parent_custody, O_CREAT));
    auto& parent_inode = parent_custody->inode();
    auto& current_process = Process::current();
    if (!parent_inode.metadata().may_write(current_process))