On Mon, Aug 30, 2004 at 05:46:37AM +0100, [EMAIL PROTECTED] wrote:
> Arguments about O_NOFOLLOW on the intermediate stages are bullshit, IMNSHO -
> if they want to make some parts of tree inaccessible, they should simply
> mkdir /tmp/FOAD; chmod 0 /tmp/FOAD; mount --bind /tmp/FOAD <blocked path>
> in the namespace their daemon is running in. And forget all that crap
> about filtering pathnames and blocking symlinks on intermediate stages
> (the latter is obviously worthless without the former since one can simply
> substitute the symlink body in the pathname).
Ehh... After looking at that for a while... No, it's not that simple and removing the stuff that way won't do what these guys want, at least not without something else. Frankly, what I've seen worries me a lot - it looks like there is a missing primitive here that would be saner than this sort of filtering. It appears that most of this stuff would be covered by a fast way to tell if the resulting object belongs to a given subtree. That could be arranged (not without some changes, but doable), but I'm not sure that it's enough to cover the stuff they are really trying to do. It does look like an interesting problem and current solutions certainly suck. And I very much doubt that "do a lookup if it doesn't run into anything that could be too tricky for our pathname-based checks, otherwise let's do it step by step from userland" is the right approach here.
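The "missing primitive" above, a check on whether the object a lookup resolved to belongs to a given subtree, is what a daemon confining itself to a directory actually needs; filtering pathname strings or refusing symlinks on intermediate components only guesses at it, since a symlink body can be pasted into the pathname directly and `..` undoes any prefix check. The following is an added example written for this page, not code from the thread, from the kernel or from any project: a userland version of that check. It lets the kernel resolve the directory part of the path with ordinary symlink semantics, then walks `..` from the resulting directory and compares `(st_dev, st_ino)` against the subtree root, and only then opens the final component with `O_NOFOLLOW` relative to the checked directory. The function names `open_within`, `dir_within` and `demo_setup`, and the temporary directory layout the demo builds, are this example's own choices.

```c
/* open_within: open `path` relative to root_fd only if the directory the
 * lookup lands in lies inside root_fd's subtree.  Added example, not
 * kernel or project code. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int same_object(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Walk ".." upward from dirfd (not consumed) until we either reach the
 * object behind root_st (inside: 1) or stop moving, i.e. hit "/" (outside: 0).
 * Each hop follows the mount the previous fd was reached through, so a
 * bind-mounted subtree is judged by the path it was actually reached by. */
static int dir_within(int dirfd, const struct stat *root_st)
{
    struct stat cur, parent;
    int fd = dup(dirfd);
    if (fd < 0) return -1;
    for (;;) {
        if (fstat(fd, &cur) < 0) { close(fd); return -1; }
        if (same_object(&cur, root_st)) { close(fd); return 1; }
        int pfd = openat(fd, "..", O_PATH | O_DIRECTORY | O_CLOEXEC);
        close(fd);
        if (pfd < 0) return -1;
        if (fstat(pfd, &parent) < 0) { close(pfd); return -1; }
        if (same_object(&parent, &cur)) { close(pfd); return 0; } /* at "/" */
        fd = pfd;
    }
}

/* Returns an O_RDONLY fd for path, or -1 with errno set.  EACCES means the
 * lookup resolved outside root_fd's subtree (via "..", an absolute path or
 * a symlink body).  The final component is opened O_NOFOLLOW so the object
 * returned really is an entry of the directory that was checked. */
int open_within(int root_fd, const char *path)
{
    struct stat root_st;
    if (fstat(root_fd, &root_st) < 0) return -1;

    /* Directory part: resolved by the kernel, symlinks and all.
     * Final component: opened without following symlinks. */
    const char *slash = strrchr(path, '/');
    const char *base = slash ? slash + 1 : path;
    if (!*base || !strcmp(base, "..")) { errno = EINVAL; return -1; }
    char dir[4096];
    size_t dlen = slash ? (size_t)(slash - path) : 0;
    if (dlen >= sizeof dir) { errno = ENAMETOOLONG; return -1; }
    memcpy(dir, path, dlen);
    dir[dlen] = '\0';
    if (!dlen) strcpy(dir, slash ? "/" : ".");

    int dirfd = openat(root_fd, dir, O_PATH | O_DIRECTORY | O_CLOEXEC);
    if (dirfd < 0) return -1;
    int inside = dir_within(dirfd, &root_st);
    if (inside != 1) { close(dirfd); if (inside == 0) errno = EACCES; return -1; }
    /* Race window: the directory could be renamed out of the subtree here. */
    int fd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    close(dirfd);
    return fd;
}

/* Constructed fixture (assumption of this example, not from the page):
 * <tmp>/root/sub/file.txt inside, <tmp>/outside.txt beside root, and
 * root/escape -> ".." as the symlink that points out of the subtree.
 * Returns an O_PATH fd for <tmp>/root. */
int demo_setup(void)
{
    char tmpl[] = "/tmp/subtreeXXXXXX";
    char *base = mkdtemp(tmpl);
    if (!base) return -1;
    char p[256];
    snprintf(p, sizeof p, "%s/root", base);         if (mkdir(p, 0700)) return -1;
    snprintf(p, sizeof p, "%s/root/sub", base);     if (mkdir(p, 0700)) return -1;
    snprintf(p, sizeof p, "%s/root/sub/file.txt", base);
    int fd = open(p, O_WRONLY | O_CREAT, 0600);     if (fd < 0) return -1; close(fd);
    snprintf(p, sizeof p, "%s/outside.txt", base);
    fd = open(p, O_WRONLY | O_CREAT, 0600);         if (fd < 0) return -1; close(fd);
    snprintf(p, sizeof p, "%s/root/escape", base);  if (symlink("..", p)) return -1;
    snprintf(p, sizeof p, "%s/root", base);
    return open(p, O_PATH | O_DIRECTORY | O_CLOEXEC);
}

int main(void)
{
    int root = demo_setup();
    if (root < 0) { perror("setup"); return 1; }
    const char *tries[] = { "sub/file.txt", "sub/../sub/file.txt",
                            "escape/root/sub/file.txt", "escape/outside.txt", "/etc/passwd" };
    for (size_t i = 0; i < sizeof tries / sizeof *tries; i++) {
        int fd = open_within(root, tries[i]);
        printf("%-26s -> %s\n", tries[i], fd >= 0 ? "opened" : strerror(errno));
        if (fd >= 0) close(fd);
    }
    return 0;
}
```

Two things the demo makes visible. `escape/root/sub/file.txt` passes through a symlink that leaves the subtree and comes back, so any pathname filter or intermediate-symlink ban would reject it, while the object check correctly accepts it; `escape/outside.txt` is rejected because of where the lookup ended up, not because of how the string looked. The comment at the final `openat` marks the check-then-use window that a userland version cannot close: the checked directory can be renamed out of the subtree between `dir_within` and the open, which is exactly why the check belongs inside the kernel's own lookup. Linux eventually added that primitive as `openat2(2)` with `RESOLVE_BENEATH` and `RESOLVE_IN_ROOT` (since 5.6); on a kernel that has it, prefer it over this walk.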
