Re: [PATCH 1/3] namei: implement O_BENEATH-style AT_* flags

From: Aleksa Sarai
Date: Sun Sep 30 2018 - 00:40:41 EST

Next message: Aleksa Sarai: "Re: [PATCH 0/3] namei: implement various scoping AT_* flags"
Previous message: kbuild test robot: "Re: [PATCH] apparmor: don't try to replace stale label in ptraceme check"
In reply to: Aleksa Sarai: "Re: [PATCH 1/3] namei: implement O_BENEATH-style AT_* flags"
Next in thread: Aleksa Sarai: "[PATCH 2/3] namei: implement AT_THIS_ROOT chroot-like path resolution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2018-09-29, Aleksa Sarai <cyphar@xxxxxxxxxx> wrote:
> * AT_XDEV: Disallow mount-point crossing (both *down* into one, or *up*
> from one). The primary "scoping" use is to blocking resolution that
> crosses a bind-mount, which has a similar property to a symlink (in
> the way that it allows for escape from the starting-point). Since it
> is not possible to differentiate bind-mounts However since
> bind-mounting requires privileges (in ways symlinks don't) this has
> been split from LOOKUP_BENEATH. The naming is based on "find -xdev"
> (though find(1) doesn't walk upwards, the semantics seem obvious).

I've just noticed that the mountpoint-crossing code for AT_XDEV doesn't
detect things like:

% ln -s / /tmp/jumpup
% vfs_helper -o open -F xdev -d /tmp jumpup
/

I will fix that in v2.

--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>

Attachment: signature.asc
Description: PGP signature

Next message: Aleksa Sarai: "Re: [PATCH 0/3] namei: implement various scoping AT_* flags"
Previous message: kbuild test robot: "Re: [PATCH] apparmor: don't try to replace stale label in ptraceme check"
In reply to: Aleksa Sarai: "Re: [PATCH 1/3] namei: implement O_BENEATH-style AT_* flags"
Next in thread: Aleksa Sarai: "[PATCH 2/3] namei: implement AT_THIS_ROOT chroot-like path resolution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]