lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200131004558.GA6699@bombadil.infradead.org>
Date:   Thu, 30 Jan 2020 16:45:58 -0800
From:   Matthew Wilcox <willy@...radead.org>
To:     Ross Zwisler <zwisler@...omium.org>
Cc:     linux-kernel@...r.kernel.org,
        Mattias Nissler <mnissler@...omium.org>,
        Benjamin Gordon <bmgordon@...gle.com>,
        Ross Zwisler <zwisler@...gle.com>,
        Raul Rangel <rrangel@...gle.com>,
        Micah Morton <mortonm@...gle.com>,
        Dmitry Torokhov <dtor@...gle.com>, Jan Kara <jack@...e.cz>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v4] Add a "nosymfollow" mount option.

On Thu, Jan 30, 2020 at 05:27:50PM -0700, Ross Zwisler wrote:
> For mounts that have the new "nosymfollow" option, don't follow
> symlinks when resolving paths. The new option is similar in spirit to
> the existing "nodev", "noexec", and "nosuid" options. Various BSD
> variants have been supporting the "nosymfollow" mount option for a
> long time with equivalent implementations.
> 
> Note that symlinks may still be created on file systems mounted with
> the "nosymfollow" option present. readlink() remains functional, so
> user space code that is aware of symlinks can still choose to follow
> them explicitly.
> 
> Setting the "nosymfollow" mount option helps prevent privileged
> writers from modifying files unintentionally in case there is an
> unexpected link along the accessed path. The "nosymfollow" option is
> thus useful as a defensive measure for systems that need to deal with
> untrusted file systems in privileged contexts.

The openat2 series was just merged yesterday which includes a
LOOKUP_NO_SYMLINKS option.  Is this enough for your needs, or do you
need the mount option?

https://lore.kernel.org/linux-fsdevel/20200129142709.GX23230@ZenIV.linux.org.uk/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ