From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Michał Górny" <mgorny@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Michał Górny" <mgorny@gentoo.org>
Message-ID: <1543763859.fcb399f5a685f088b9f10d9d57e326ee78f9e6dd.mgorny@gentoo>
Subject: [gentoo-commits] proj/sandbox:master commit in: libsandbox/
X-VCS-Repository: proj/sandbox
X-VCS-Files: libsandbox/libsandbox.c
X-VCS-Directories: libsandbox/
X-VCS-Committer: mgorny
X-VCS-Committer-Name: Michał Górny
X-VCS-Revision: fcb399f5a685f088b9f10d9d57e326ee78f9e6dd
X-VCS-Branch: master
Date: Sun,  2 Dec 2018 15:22:15 +0000 (UTC)

commit:     fcb399f5a685f088b9f10d9d57e326ee78f9e6dd
Author:     Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 12 03:56:24 2018 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Sun Dec  2 15:17:39 2018 +0000
URL:        https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=fcb399f5

libsandbox: resolve_dirfd_path /proc/<pid> namespace safety

If /proc was mounted by a process in a different pid namespace,
getpid cannot be used to create a valid /proc/<pid> path. Instead
use sb_get_fd_dir() which works in any case. This implements
option 3 of these choices:

1) Always create a mount namespace when creating a pid namespace,
   and remount /proc so that /proc/<pid> entries are always consistent
   with the current pid namespace.

2) Use readlink on /proc/self instead of getpid to determine the pid
   of self in the pid namespace of the /proc mount.

3) Use /proc/self or /dev/fd directly.

Bug: https://bugs.gentoo.org/670966
Signed-off-by: Zac Medico <zmedico <AT> gentoo.org>
Closes: https://github.com/gentoo/sandbox/pull/1
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 libsandbox/libsandbox.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 9ef13b1..e0c9d1a 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -125,7 +125,14 @@ int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path,
 	save_errno();
 
 	size_t at_len = resolved_path_len - 1 - 1 - (path ? strlen(path) : 0);
-	sprintf(resolved_path, "/proc/%i/fd/%i", trace_pid ? : getpid(), dirfd);
+	if (trace_pid)
+	    sprintf(resolved_path, "/proc/%i/fd/%i", trace_pid, dirfd);
+	else
+	    /* If /proc was mounted by a process in a different pid namespace,
+	     * getpid cannot be used to create a valid /proc/<pid> path. Instead
+	     * use sb_get_fd_dir() which works in any case.
+	     */
+	    sprintf(resolved_path, "%s/%i", sb_get_fd_dir(), dirfd);
 	ssize_t ret = readlink(resolved_path, resolved_path, at_len);
 	if (ret == -1) {
 		/* see comments at end of check_syscall() */
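Review bot: the new else branch formats sb_get_fd_dir() into resolved_path with an unbounded sprintf, even though resolved_path_len is in scope two lines above. The old format string was bounded by the width of two integers; the new "%s/%i" depends on whatever length sb_get_fd_dir() returns, so this should be snprintf(resolved_path, resolved_path_len, ...) with the return value checked for truncation before it reaches readlink(). The same call is worth making in the trace_pid branch for consistency. Two smaller points: the trace_pid branch still builds /proc/<pid>/fd/<dirfd>, so the namespace mismatch described in the commit message is not addressed for the traced case, and the comment or commit message should say whether that is intentional; and the else body is a multi-line comment followed by one statement with no braces, indented with a tab plus four spaces where the surrounding code uses tabs, so braces and tab indentation would make it harder to misread in a later edit.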