| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrVue8VyJDUSgy9Hsw67mxddirwDr703OBM_fWm9Hzvb4A@mail.gmail.com>
Date: Sat, 29 Apr 2017 18:13:27 -0700
From: Andy Lutomirski <luto@...nel.org>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: Andy Lutomirski <luto@...nel.org>,
Linux API <linux-api@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Linux FS Devel <linux-fsdevel@...r.kernel.org>
Subject: Re: new ...at() flag: AT_NO_JUMPS
On Sat, Apr 29, 2017 at 4:25 PM, Al Viro <viro@...iv.linux.org.uk> wrote:
> On Sat, Apr 29, 2017 at 04:17:18PM -0700, Andy Lutomirski wrote:
>> On Sat, Apr 29, 2017 at 3:04 PM, Al Viro <viro@...iv.linux.org.uk> wrote:
>> > New AT_... flag - AT_NO_JUMPS
>> >
>> > Semantics: pathname resolution must not involve
>> > * traversals of absolute symlinks
>> > * traversals of procfs-style symlinks
>> > * traversals of mountpoints (including bindings, referrals, etc.)
>> > * traversal of .. in the starting point of pathname resolution.
>>
>> Can you clarify this last one? I assume that ".." will be rejected,
>> but what about "a/../.."? How about "b" if b is a symlink to ".."?
>> How about "a/b" if a is a directory and b is a symlink to "../.."?
>
> All of those will be rejected - in each of those cases pathname traversal
> leads back into the starting point with .. being the next component to
> handle.
Sounds good.
Might it make sense to split it into two flags, one to prevent moving
between mounts and one for everything else? I can imagine webservers
and such that are fine with traversing mount points but don't want to
escape their home directory.
--Andy
Powered by blists - more mailing lists