Re: [PATCH v2] vfs: Tighten up linkat(..., AT_EMPTY_PATH)
From: Linus Torvalds
Date: Thu Aug 22 2013 - 15:24:04 EST
On Thu, Aug 22, 2013 at 12:05 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>
> Does this work for the procfs case? As far as I understand it (which
> isn't saying much), it goes through the symlink-following path.
Right. The /proc case is still separate, and we really should do
something about that too. But again, I don't think I_LINKABLE is the
thing to use there either. We probably should tighten up the magic
/proc follow-link a lot.
> What if we added another field to struct nameidata that's indicates
> what restrictions need to be enforced when following magical symlinks
> and then enforcing them when nd_jump_link gets used. (There are only
> two of these, both in procfs.)
Yes, I think that might be just the kind of thing to do. Except some
tightening could well be quite regardless of any extra flags.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/