Re: how to restrict file access below some top directory
- In reply to: Matthias Apitz : "how to restrict file access below some top directory"
Date: Thu, 10 Feb 2022 08:54:45 UTC
On 10.02.22 at 09:25, Matthias Apitz wrote:
>
> Hello,
>
> I want to restrict in a C- or Perl-written application the file access to
> only files below some top directory, say
>
> /var/spool/dir/
>
> and not allowing, for example, access to /var/spool/dir/../../../etc/passwd
> Ofc, this could be done easily with chroot(2), but this would require root
> permission. Any other ideas?

Hi Matthias,

how about openat() in combination with capsicum? From the open(4) / openat(4) man-page:

    In capsicum(4) capability mode, open() is not permitted. The path
    argument to openat() must be strictly relative to a file descriptor fd.
    path must not be an absolute path and must not contain ".." components
    which cause the path resolution to escape the directory hierarchy
    starting at fd. Additionally, no symbolic link in path may target
    absolute path or contain escaping ".." components. fd must not be
    AT_FDCWD.

    If the vfs.lookup_cap_dotdot sysctl(3) MIB is set to zero, ".."
    components in the paths, used in capability mode, are completely
    disabled. If the vfs.lookup_cap_dotdot_nonlocal MIB is set to zero,
    ".." is not allowed if found on non-local filesystem.

Regards, Stefan
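The approach Stefan describes, as an added example that is not code from the thread or from FreeBSD: the program opens the top directory once, keeps only that descriptor, and from then on opens every file with openat() relative to it. On FreeBSD, cap_enter() puts the process into capability mode so the kernel itself enforces the rule quoted from the man page (no absolute paths, no escaping "..", no escaping symlinks). The example additionally applies a lexical check of that same rule in user space, so it also runs on systems without Capsicum and so the rejection is visible before the syscall. The function names (path_escapes, confine_to, open_below, self_check), the EACCES errno chosen for lexical rejections, and the temporary file tree built by self_check are this example's own assumptions.

```c
/* Added example (not from the mailing-list thread or FreeBSD itself):
 * confine file access to one top directory with openat(2), plus
 * cap_enter() on FreeBSD.  All names below are this example's own. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* Return 1 if `path` is absolute or contains a ".." component that would
 * climb above the starting directory, otherwise 0.  Walks the components
 * with a depth counter; "." and empty components (from "//") do not
 * change the depth, so "sub/../sub/x" is fine while "sub/../../x" is not. */
int path_escapes(const char *path)
{
    if (path == NULL || path[0] == '/')
        return 1;
    int depth = 0;
    const char *p = path;
    while (*p) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0)
                return 1;            /* would leave the hierarchy */
            depth--;
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;
        }
        if (end == NULL)
            break;
        p = end + 1;
    }
    return 0;
}

/* Open the top directory and hold its descriptor.  On FreeBSD also enter
 * capability mode: afterwards open() is refused and openat() is only
 * allowed relative to a descriptor the process already holds. */
int confine_to(const char *topdir)
{
    int dirfd = open(topdir, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0)
        return -1;
#ifdef __FreeBSD__
    if (cap_enter() < 0) {      /* kernel now enforces the man-page rule */
        close(dirfd);
        return -1;
    }
#endif
    return dirfd;
}

/* Open `relpath` strictly below `dirfd`.  Lexically escaping paths are
 * refused with EACCES (this example's choice); in FreeBSD capability mode
 * the kernel would refuse them anyway, and also catches symlinks that
 * point outside the tree, which a lexical check cannot see. */
int open_below(int dirfd, const char *relpath, int flags)
{
    if (path_escapes(relpath)) {
        errno = EACCES;
        return -1;
    }
    return openat(dirfd, relpath, flags);
}

/* Build a constructed tree under a temporary directory and exercise
 * open_below() with the question's own example path.  Returns 0 when all
 * four expectations hold, a small nonzero step number otherwise. */
int self_check(void)
{
    char top[] = "/tmp/confine.XXXXXX";
    char path[64];
    if (mkdtemp(top) == NULL)
        return 1;
    snprintf(path, sizeof path, "%s/sub", top);
    if (mkdir(path, 0700) < 0)
        return 2;
    snprintf(path, sizeof path, "%s/sub/secret.txt", top);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return 3;
    (void)write(fd, "constructed\n", 12);
    close(fd);

    int dirfd = confine_to(top);     /* after this, only openat() below top */
    if (dirfd < 0)
        return 4;
    int ok = 0;
    /* allowed: stays below the top directory, even with a non-escaping ".." */
    if ((fd = open_below(dirfd, "sub/secret.txt", O_RDONLY)) >= 0) { ok++; close(fd); }
    if ((fd = open_below(dirfd, "sub/../sub/secret.txt", O_RDONLY)) >= 0) { ok++; close(fd); }
    /* rejected: the escape from the question, and an absolute path */
    if (open_below(dirfd, "../../../etc/passwd", O_RDONLY) < 0 && errno == EACCES) ok++;
    if (open_below(dirfd, "/etc/passwd", O_RDONLY) < 0 && errno == EACCES) ok++;
    close(dirfd);
    return ok == 4 ? 0 : 5;
}

int main(void)
{
    int rc = self_check();
    printf("self_check: %s\n", rc == 0 ? "all paths handled as expected" : "FAILED");
    return rc;
}
```

On FreeBSD, build with `cc confine.c -o confine`; elsewhere the cap_enter() call is compiled out and only the lexical check applies, which (as the comment notes) does not cover a symlink inside the tree that points outside it, whereas capability mode does. Newer FreeBSD also accepts an O_RESOLVE_BENEATH flag to openat() that applies the same containment rule without entering capability mode, and Linux offers the equivalent RESOLVE_BENEATH through openat2(2).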