From 830ec8c40b33544467db797829aca0f676724e0f Mon Sep 17 00:00:00 2001
From: Mikail Bagishov
Date: Wed, 27 Jan 2021 23:24:55 +0300
Subject: [PATCH 1/7] Specify non-null fstype for bind mounts
---
 src/linux/zygote/setup.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/linux/zygote/setup.rs b/src/linux/zygote/setup.rs
index c4b4614d..37dd5865 100644
--- a/src/linux/zygote/setup.rs
+++ b/src/linux/zygote/setup.rs
@@ -64,7 +64,7 @@ fn expose_dir(jail_root: &Path, system_path: &Path, alias_path: &Path, kind: Sha
 let mnt_res = libc::mount(
 bind_src.as_ptr(),
 bind_target.as_ptr(),
- ptr::null(),
+ "bind\0".as_ptr(),
 libc::MS_BIND,
 ptr::null(),
 );
From 0fa2ce67f573e5457aa0073b248fc573dc388b3a Mon Sep 17 00:00:00 2001
From: Mikail Bagishov
Date: Wed, 27 Jan 2021 23:34:02 +0300
Subject: [PATCH 2/7] fixup
---
 src/linux/zygote/setup.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/linux/zygote/setup.rs b/src/linux/zygote/setup.rs
index 37dd5865..74dfc504 100644
--- a/src/linux/zygote/setup.rs
+++ b/src/linux/zygote/setup.rs
@@ -12,7 +12,7 @@ use crate::{
 };
 use nix::sys::signal;
 use std::{
- ffi::CString,
+ ffi::{CStr, CString},
 fs, io,
 io::Write,
 os::unix::{ffi::OsStrExt, io::RawFd},
@@ -64,7 +64,7 @@ fn expose_dir(jail_root: &Path, system_path: &Path, alias_path: &Path, kind: Sha
 let mnt_res = libc::mount(
 bind_src.as_ptr(),
 bind_target.as_ptr(),
- "bind\0".as_ptr(),
+ CStr::from_bytes_with_nul(b"bind\0").unwrap().as_ptr(),
 libc::MS_BIND,
 ptr::null(),
 );
From a248b4aa5ab3fe0350ab448ee9b1014c7ac80b6b Mon Sep 17 00:00:00 2001
From: Mikail Bagishov
Date: Wed, 27 Jan 2021 23:43:47 +0300
Subject: [PATCH 3/7] now there is no UAF definitely
---
 src/linux/zygote/setup.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/linux/zygote/setup.rs b/src/linux/zygote/setup.rs
index 74dfc504..fcc855f8 100644
--- a/src/linux/zygote/setup.rs
+++ b/src/linux/zygote/setup.rs
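Review bot: In patch 1/7 the `libc::mount` call in `expose_dir` still passes only `libc::MS_BIND`, and a bind mount made that way is as writable as the source mount and keeps its suid/dev options until it is remounted. For a jail that exposes host directories this matters more than the fstype string: a read-only share needs a second call with `libc::MS_BIND | libc::MS_REMOUNT | libc::MS_RDONLY`, ideally with `libc::MS_NOSUID | libc::MS_NODEV` added. The body of `expose_dir` continues outside the hunk, so that remount may already follow for the relevant `kind`; worth confirming. The same call appears unchanged in the later patches of the series.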
@@ -60,11 +60,12 @@ fn expose_dir(jail_root: &Path, system_path: &Path, alias_path: &Path, kind: Sha
 }
 let bind_target = CString::new(bind_target.as_os_str().as_bytes()).unwrap();
 let bind_src = CString::new(system_path.as_os_str().as_bytes()).unwrap();
+ let fstype = CStr::from_bytes_with_nul(b"bind\0").unwrap();
 unsafe {
 let mnt_res = libc::mount(
 bind_src.as_ptr(),
 bind_target.as_ptr(),
- CStr::from_bytes_with_nul(b"bind\0").unwrap().as_ptr(),
+ fstype.as_ptr(),
 libc::MS_BIND,
 ptr::null(),
 );
From 6c9b2383cb4fa74c88a03abbc63d0ff4d6e777d0 Mon Sep 17 00:00:00 2001
From: Mikail Bagishov
Date: Wed, 27 Jan 2021 23:57:08 +0300
Subject: [PATCH 4/7] dbg
---
 src/linux/zygote/setup.rs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/linux/zygote/setup.rs b/src/linux/zygote/setup.rs
index fcc855f8..0366fd76 100644
--- a/src/linux/zygote/setup.rs
+++ b/src/linux/zygote/setup.rs
@@ -62,6 +62,7 @@ fn expose_dir(jail_root: &Path, system_path: &Path, alias_path: &Path, kind: Sha
 let bind_src = CString::new(system_path.as_os_str().as_bytes()).unwrap();
 let fstype = CStr::from_bytes_with_nul(b"bind\0").unwrap();
 unsafe {
+ libc::printf(fstype.as_ptr());
 let mnt_res = libc::mount(
 bind_src.as_ptr(),
 bind_target.as_ptr(),
From f21ef314c40a2713f9ed9bf6d2e12382ea49cf54 Mon Sep 17 00:00:00 2001
From: Mikail Bagishov
Date: Thu, 28 Jan 2021 00:07:22 +0300
Subject: [PATCH 5/7] debug2
---
 src/linux/zygote/setup.rs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/linux/zygote/setup.rs b/src/linux/zygote/setup.rs
index 0366fd76..e366ac9e 100644
--- a/src/linux/zygote/setup.rs
+++ b/src/linux/zygote/setup.rs
@@ -63,6 +63,7 @@ fn expose_dir(jail_root: &Path, system_path: &Path, alias_path: &Path, kind: Sha
 let fstype = CStr::from_bytes_with_nul(b"bind\0").unwrap();
 unsafe {
 libc::printf(fstype.as_ptr());
+ libc::printf(b"bind\0".as_ptr().cast());
 let mnt_res = libc::mount(
 bind_src.as_ptr(),
 bind_target.as_ptr(),
From 2e99b34e53f3dfcc55fa03bf25bc7a87eb53a533 Mon Sep 17 00:00:00 2001
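Review bot: The `unsafe` block around `libc::mount` in patch 3/7 has no `// SAFETY:` comment, and the commit title suggests the pointer lifetime was in doubt. `b"bind\0"` is a `'static` literal, so the temporary `&CStr` in the previous patch was not dangling either (that pattern concerns owned `CString` temporaries); the named binding is simply clearer. I would record the invariant above the block: `// SAFETY: bind_src, bind_target and fstype are NUL-terminated and outlive the call`. The block continues outside the hunk.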
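Review bot: The debug call `libc::printf(fstype.as_ptr())` added in patch 4/7 puts the value in the format-string position instead of passing it as an argument. That is harmless for the constant `bind`, but it becomes a format-string bug as soon as the pointer is swapped for something path-derived such as `bind_src`. Patch 5/7 adds a second call of the same shape. If a print is needed here, `libc::printf(b"%s\n\0".as_ptr().cast(), fstype.as_ptr());` keeps data out of the format and adds the newline the current calls lack.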
From: Mikail Bagishov
Date: Thu, 28 Jan 2021 18:52:26 +0300
Subject: [PATCH 6/7] other const
---
 src/linux/zygote/setup.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/linux/zygote/setup.rs b/src/linux/zygote/setup.rs
index e366ac9e..27d21868 100644
--- a/src/linux/zygote/setup.rs
+++ b/src/linux/zygote/setup.rs
@@ -60,7 +60,7 @@ fn expose_dir(jail_root: &Path, system_path: &Path, alias_path: &Path, kind: Sha
 }
 let bind_target = CString::new(bind_target.as_os_str().as_bytes()).unwrap();
 let bind_src = CString::new(system_path.as_os_str().as_bytes()).unwrap();
- let fstype = CStr::from_bytes_with_nul(b"bind\0").unwrap();
+ let fstype = CStr::from_bytes_with_nul(b"none\0").unwrap();
 unsafe {
 libc::printf(fstype.as_ptr());
 libc::printf(b"bind\0".as_ptr().cast());
From d47c751e8d3eef870bbd4accc9c7ad7abf4e1116 Mon Sep 17 00:00:00 2001
From: Mikail Bagishov
Date: Thu, 28 Jan 2021 18:52:42 +0300
Subject: [PATCH 7/7] rm dbg
---
 src/linux/zygote/setup.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/linux/zygote/setup.rs b/src/linux/zygote/setup.rs
index 27d21868..3c94bd29 100644
--- a/src/linux/zygote/setup.rs
+++ b/src/linux/zygote/setup.rs
@@ -62,8 +62,8 @@ fn expose_dir(jail_root: &Path, system_path: &Path, alias_path: &Path, kind: Sha
 let bind_src = CString::new(system_path.as_os_str().as_bytes()).unwrap();
 let fstype = CStr::from_bytes_with_nul(b"none\0").unwrap();
 unsafe {
- libc::printf(fstype.as_ptr());
- libc::printf(b"bind\0".as_ptr().cast());
+ // libc::printf(fstype.as_ptr());
+ // libc::printf(b"bind\0".as_ptr().cast());
 let mnt_res = libc::mount(
 bind_src.as_ptr(),
 bind_target.as_ptr(),
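Review bot: Patch 6/7 changes the placeholder from `bind` to `none` without recording why a non-null fstype is needed at all. mount(2) documents that filesystemtype is ignored when MS_BIND is set, so a later reader is likely to simplify this back to `ptr::null()`. A one-line comment above the `fstype` binding would prevent that, for example `// fstype is ignored for MS_BIND, but NULL failed under <environment - fill in>; "none" is the conventional placeholder`.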
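Review bot: Patch 7/7 comments the two `libc::printf` debug lines out instead of deleting them, so dead code stays inside the `unsafe` block that performs the jail's bind mount. Version control already keeps them retrievable; I would drop both `// libc::printf(...)` lines so the block holds only the `libc::mount` call and its result handling. The block continues outside the hunk.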