https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236836
Bug ID: 236836 Summary: Kernel panic from calling mq_open("/.", ...) as root Product: Base System Version: 12.0-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: b...@freebsd.org Reporter: t.b.mo...@lyse.net Created attachment 203197 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=203197&action=edit Untested patch for rejecting "/." and "/.." with EACCES After loading the mqueuefs module, calling mq_open() with "/.." or "/." as name in a C program run by root crashes the system. I assume it's a panic but it reboots too quickly to read the text. Doing this as non-root does nothing and EACCES is produced. mq_unlink("/.") as root successfully removes . from mqueuefs, and mq_unlink("/..") as root removes both .. and . Trying to unlink either as non-root just produces EACCES. After this a non-root user can create queues with these names and use them as any other queue. Listing the directory where mqueuefs is mounted while . or .. exists as queues also crashes the system. I have not tested whether programs running inside jails can cause this crash or also get EACCES. I've created a patch which I think should fix this, but I haven't tested it at all. I wasn't sure whether to pick 12.0-RELEASE or 12.0-STABLE; uname -a says: FreeBSD freebsd 12.0-RELEASE FreeBSD 12.0-RELEASE r341666 GENERIC amd64 -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"