lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <39662373-f333-a5e1-f734-1b003992a468@gmail.com>
Date:   Tue, 12 Feb 2019 17:41:09 -0500
From:   "Demi M. Obenour" <demiobenour@...il.com>
To:     Andreas Dilger <adilger@...ger.ca>
Cc:     Jeff Layton <jlayton@...nel.org>,
        "J. Bruce Fields" <bfields@...ldses.org>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Arnd Bergmann <arnd@...db.de>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>,
        linux-arch@...r.kernel.org
Subject: Re: [PATCH 2/4] Expose O_PATHSTATIC to userspace



On 2/12/19 3:18 PM, Andreas Dilger wrote:
> On Feb 12, 2019, at 7:54 AM, demiobenour@...il.com wrote:
>>
>> From: "Demi M. Obenour" <demiobenour@...il.com>
>>
>> This adds the file open flag O_PATHSTATIC, which ensures that symbolic
>> links are *never* followed, even in path components other than the last.
>> This is distinct from O_NOFOLLOW, which only prevents symlinks in the
>> *last* component from being followed.
>>
>> This is useful for avoiding race conditions in userspace code that
>> should expose only a subset of the filesystem to clients.  This includes
>> FTP and SFTP servers, QEMU, and others.
>>
>> Currently, O_NOFOLLOW must be set if O_PATHSTATIC is set.  Otherwise,
>> open() fails with -EINVAL.
> 
> I don't want to bikeshed (discard suggestion if you disagree), but why not
> name the flag "O_NEVER_FOLLOW" so that users can see it is also related to
> "O_NOFOLLOW"?  Otherwise it seems like they are two completely different
> things from looking at the names, when in fact they are closely related.
> 
> Cheers, Andreas
> 

Searching for O_PATHSTATIC gives two results:

* https://www.halfdog.net/Security/2010/FilesystemRecursionAndSymlinks
* https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html

O_DIRECTORY_NOFOLLOW would also be a good choice, since that is what the
flag actually does.  Ideally, we would rename O_NOFOLLOW, but we can’t.



Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ