lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Aug 2010 12:51:35 +0100 From: Al Viro <viro@...IV.linux.org.uk> To: Neil Brown <neilb@...e.de> Cc: Christoph Hellwig <hch@...radead.org>, "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>, adilger@....com, corbet@....net, npiggin@...e.de, hooanon05@...oo.co.jp, bfields@...ldses.org, miklos@...redi.hu, linux-fsdevel@...r.kernel.org, sfrench@...ibm.com, philippe.deniel@....FR, linux-kernel@...r.kernel.org Subject: Re: [PATCH -V18 04/13] vfs: Allow handle based open on symlinks On Fri, Aug 20, 2010 at 07:53:03PM +1000, Neil Brown wrote: > On Fri, 20 Aug 2010 04:30:57 -0400 > Christoph Hellwig <hch@...radead.org> wrote: > > > Suddenly getting an file pointer for a symlink which could never happen > > before is a really bad idea. Just add a proper readlink_by_handle > > system call, similar to what's done in the XFS interface. > > Why is that? > With futexes we suddenly get a file descriptor for something we could never > get a file descriptor on before and that doesn't seem to be a problem. > > Why should symlinks be special as the only thing that you cannot have a file > descriptor for? Uniformity of interface is a very valuable property. You are welcome to review the codepaths around pathname resolution for assumptions of presense of ->follow_link() and friends; there _are_ subtle cases and dumping your "opened symlinks" in there is far from a trivial change. Note that it affects more than just the starting points of lookups; /proc/*/fd/* stuff is also involved. BTW, speaking of NULL pathname, linkat() variant that allows creating a link to an opened file is also a very dubious thing; at the very least, you get non-trivial security implications, since now a process that got an opened descriptor passed to it by somebody else may create hardlinks to the sucker. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists