diff options
| author | Anton Lindqvist <anton@basename.se> | 2019-07-21 10:49:42 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2019-07-22 07:36:41 +0200 |
| commit | 919efc620a0182d60cef1a749775476e8f06a52d (patch) | |
| tree | 1919f5c3eb7360f1036c4cae6f8cfe9262878ee0 | |
| parent | 1656845f45f284c574eb4f8bfe85dd7916a47a3a (diff) | |
sys/openbsd: prevent swap partition device nodes from being created
Writing to the swap partition during fuzzing can lead to all kinds of
corruptions[1].
[1] https://syzkaller.appspot.com/bug?id=a2eca15e6e0be4be3ed1b0b2bab3332edc317b1c
| -rw-r--r-- | sys/openbsd/init.go | 7 | ||||
| -rw-r--r-- | sys/openbsd/init_test.go | 12 |
2 files changed, 15 insertions, 4 deletions
diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go index 0d79a96ff..404536dfa 100644 --- a/sys/openbsd/init.go +++ b/sys/openbsd/init.go @@ -112,9 +112,10 @@ func (arch *arch) SanitizeCall(c *prog.Call) { dev.Val = devNullDevT } - // Prevent /dev/sd0c nodes from being created since the refer to - // the raw root disk. - if devmajor(dev.Val) == 4 && devminor(dev.Val) == 2 { + // Prevent /dev/sd0b (swap partition) and /dev/sd0c (raw disk) + // nodes from being created. Writing to such devices can corrupt + // the file system. + if devmajor(dev.Val) == 4 && (devminor(dev.Val) == 1 || devminor(dev.Val) == 2) { dev.Val = devNullDevT } case "mlockall": diff --git a/sys/openbsd/init_test.go b/sys/openbsd/init_test.go index 65e89b920..186b199c0 100644 --- a/sys/openbsd/init_test.go +++ b/sys/openbsd/init_test.go @@ -42,8 +42,18 @@ func TestSanitizeCall(t *testing.T) { `mknod(0x0, 0x0, 0x1600)`, }, { + // major=4, minor=0 + `mknod(0x0, 0x0, 0x400)`, + `mknod(0x0, 0x0, 0x400)`, + }, + { + // major=4, minor=1 + `mknod(0x0, 0x0, 0x401)`, + `mknod(0x0, 0x0, 0x202)`, + }, + { // major=4, minor=2 - `mknod(0x0, 0x0, 0x0402)`, + `mknod(0x0, 0x0, 0x402)`, `mknod(0x0, 0x0, 0x202)`, }, { |