On Wed, 9 Aug 2017 10:59:46 -0500
Eric Blake wrote:
> On 08/09/2017 10:22 AM, Greg Kurz wrote:
>
> >>>
> >>> The solution is to use O_PATH: openat() now succeeds in both cases, and we
> >>> can ensure the path isn't a symlink with fstat(). The associated entry in
> >>>
On 08/09/2017 10:22 AM, Greg Kurz wrote:
>>>
>>> The solution is to use O_PATH: openat() now succeeds in both cases, and we
>>> can ensure the path isn't a symlink with fstat(). The associated entry in
>>> "/proc/self/fd" can hence be safely passed to the regular chmod() syscall.
>>
>> Hey -
On Wed, 9 Aug 2017 18:11:51 +0300
Michael Tokarev wrote:
> 09.08.2017 17:23, Greg Kurz wrote:
> > This function has to ensure it doesn't follow a symlink that could be used
> > to escape the virtfs directory. This could be easily achieved if fchmodat()
> > on linux honored the
On Wed, 9 Aug 2017 10:01:14 -0500
Eric Blake wrote:
> On 08/09/2017 09:55 AM, Eric Blake wrote:
> > On 08/09/2017 09:23 AM, Greg Kurz wrote:
> >> This function has to ensure it doesn't follow a symlink that could be used
> >> to escape the virtfs directory. This could be
On Wed, 9 Aug 2017 09:55:32 -0500
Eric Blake wrote:
> On 08/09/2017 09:23 AM, Greg Kurz wrote:
> > This function has to ensure it doesn't follow a symlink that could be used
> > to escape the virtfs directory. This could be easily achieved if fchmodat()
> > on linux honored
09.08.2017 17:23, Greg Kurz wrote:
> This function has to ensure it doesn't follow a symlink that could be used
> to escape the virtfs directory. This could be easily achieved if fchmodat()
> on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but
> it doesn't.
>
> The current
On 08/09/2017 09:55 AM, Eric Blake wrote:
> On 08/09/2017 09:23 AM, Greg Kurz wrote:
>> This function has to ensure it doesn't follow a symlink that could be used
>> to escape the virtfs directory. This could be easily achieved if fchmodat()
>> on linux honored the AT_SYMLINK_NOFOLLOW flag as
On 08/09/2017 09:23 AM, Greg Kurz wrote:
> This function has to ensure it doesn't follow a symlink that could be used
> to escape the virtfs directory. This could be easily achieved if fchmodat()
> on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but
> it doesn't.
Might be
This function has to ensure it doesn't follow a symlink that could be used
to escape the virtfs directory. This could be easily achieved if fchmodat()
on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but
it doesn't.
The current implementation covers most use-cases, but it