Don Cragun wrote: > > Any approach that doesn't force the mount is going to leave a security > hole. The security hole while doing an ls -l probably isn't > important. I understand that there is a significant performance > penalty forcing mounts on all *stat*() calls. But surely we can force > the mounts if an application explicitly asks for it in an fstatat() > call when it knows that skipping the mount may lead to an otherwise > undetectable security hole. Both ftw() and nftw() should ask for it. > (Forcing the mount on the fstatat() in ftw() and nftw() will make them > run faster; not slower. They will be forcing the mounts anyway and > this avoids additional checks that have been added trying to plug the > security hole that was created by cases approved earlier.) > > > - Don > >
The issue here is that by the time we get to the fstatat() call, the mount has already occurred. It isn't just the opendir() call which forces the underlying vnops to trigger the mount. Whatever call we make to get our hands on the file descriptor will force the mount to occur.
