NetBSD Problem Report #51963
From paul@whooppee.com Fri Feb 10 06:13:56 2017
Return-Path: <paul@whooppee.com>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id B948C7A16F
for <gnats-bugs@gnats.NetBSD.org>; Fri, 10 Feb 2017 06:13:56 +0000 (UTC)
Message-Id: <20170210061353.C764E16E62@speedy.whooppee.com>
Date: Fri, 10 Feb 2017 14:13:53 +0800 (PHT)
From: paul@whooppee.com
Reply-To: paul@whooppee.com
To: gnats-bugs@NetBSD.org
Subject: sockets in chroot sandbox via null-mounts don't work
X-Send-Pr-Version: 3.95
>Number: 51963
>Category: kern
>Synopsis: sockets in chroot sandbox via null-mounts don't work
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Feb 10 06:15:00 +0000 2017
>Closed-Date:
>Last-Modified: Thu Jun 07 06:30:00 +0000 2018
>Originator: Paul Goyette
>Release: NetBSD 7.99.53
>Organization:
+------------------+--------------------------+------------------------+
| Paul Goyette | PGP Key fingerprint: | E-mail addresses: |
| (Retired) | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+
>Environment:
System: NetBSD speedy.whooppee.com 7.99.53 NetBSD 7.99.53 (SPEEDY 2016-12-31 23:00:24) #1: Sun Jan 1 01:39:34 UTC 2017 paul@speedy.whooppee.com:/build/netbsd-local/obj/amd64/sys/arch/amd64/compile/SPEEDY amd64
Architecture: x86_64
Machine: amd64
>Description:
Sockets within a sandbox created by null-mounts don't work. See below.
>How-To-Repeat:
1. Start an X server outside of the sandbox
2. Create and mount a sandbox using null-mounts. The pkgtools/sandbox
utility can easily do this. Be sure to add /tmp and /home to the
list of file-systems which should be null-mounted within the sandbox
3. From outside the sandbox, run xev and observe that it works
4. From inside the sandbox, run xev and note that it fails when trying
to connect to the unix socket for the X server, with ECONNREFUSED
(errno = 61)
5. Now, install the net/socat package
6. Use socat to create a socket within the sandbox and relay data to the
real socket
socat unix-listen:/path/to/chroot/tmp/.X11-unix/X123,mode=0777,reuseaddr,fork unix-connect:/tmp/.X11-unix/X0 &
7. Use xauth to copy authentication records for the unix:0 server to the
unix:123 server (handled by socat's listener socket)
8. Make sure your XAUTHORITY file is accessible within the sandbox
9. Re-run xev with '-display unix:123' option and note that it connects!
>Fix:
Not known, but suspicion is that x v->v_socket is never reflected in ther
layer vnode. So when unp_connect uses that, it gets nothing.
...
/* Acquire v_interlock to protect against unp_detach(). */
mutex_enter(vp->v_interlock);
so2 = vp->v_socket;
if (so2 == NULL) {
mutex_exit(vp->v_interlock);
error = ECONNREFUSED;
goto bad;
}
...
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback
State-Changed-By: maya@NetBSD.org
State-Changed-When: Sun, 03 Jun 2018 07:56:59 +0000
State-Changed-Why:
my 52598 was pretty similar, does the fix for it work for this case too?
State-Changed-From-To: feedback->open
State-Changed-By: pgoyette@NetBSD.org
State-Changed-When: Thu, 07 Jun 2018 06:28:47 +0000
State-Changed-Why:
Feedback provided - the problem still exists
From: Paul Goyette <paul@whooppee.com>
To: gnats-bugs@NetBSD.org
Cc: maya@netbsd.org
Subject: Re: kern/51963: sockets in chroot sandbox via null-mounts don't work
Date: Thu, 7 Jun 2018 14:27:43 +0800 (+08)
> State-Changed-From-To: open->feedback
> State-Changed-By: maya@NetBSD.org
> State-Changed-When: Sun, 03 Jun 2018 07:56:59 +0000
> State-Changed-Why: my 52598 was pretty similar, does the fix for it
> work for this case too?
The problem still exists as of a 8.99.18 kernel built from sources
updated on 2018-05-27 at 05:42:36 UTC
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home