On Jun 30, 2014 3:36 AM, "David Drysdale" <drysd...@google.com> wrote: > > Add a new O_BENEATH_ONLY flag for openat(2) which restricts the > provided path, rejecting (with -EACCES) paths that are not beneath > the provided dfd. In particular, reject: > - paths that contain .. components > - paths that begin with / > - symlinks that have paths as above.
I like this a lot. However, I think I'd like it even better if it were AT_BENEATH_ONLY so that it could be added to the rest of the *at family. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/