On Mon, Jun 30, 2014 at 07:49:41AM -0700, Andy Lutomirski wrote:
> On Jun 30, 2014 3:36 AM, "David Drysdale" <drysdale@xxxxxxxxxx> wrote:
> >
> > Add a new O_BENEATH_ONLY flag for openat(2) which restricts the
> > provided path, rejecting (with -EACCES) paths that are not beneath
> > the provided dfd. In particular, reject:
> > - paths that contain .. components
> > - paths that begin with /
> > - symlinks that have paths as above.
>
> I like this a lot. However, I think I'd like it even better if it
> were AT_BENEATH_ONLY so that it could be added to the rest of the *at
> family.
>
> --Andy

Wouldn't it need to be both O_BENEATH_ONLY (for openat()) and AT_BENEATH_ONLY (for other *at() functions), like O_NOFOLLOW and AT_SYMLINK_NOFOLLOW? (I.e. aren't the AT_* flags in a different numbering space than O_* flags?) Or am I misunderstanding?
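As an added example (not code from this thread or from David Drysdale's patch), here is a userspace C model of the lexical part of the proposed O_BENEATH_ONLY rule: reject absolute paths and any `..` component, returning -1 with errno set to EACCES as the patch description proposes. The function names `path_is_beneath` and `openat_beneath` are my own; the symlink bullet is only approximated by O_NOFOLLOW on the final component, since a real implementation has to check every resolved component inside the kernel's path walk.

```c
/* Added example: a userspace approximation of O_BENEATH_ONLY, not the
 * kernel patch itself. Feature macro so fcntl.h exposes O_NOFOLLOW. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if PATH is lexically beneath the directory it is opened
 * relative to: no leading '/', and no ".." component anywhere.
 * "." components and empty components from "//" cannot escape, so
 * they are allowed. Symlinks are not resolved here. */
int path_is_beneath(const char *path)
{
    const char *p = path;
    if (*p == '/')
        return 0;
    while (*p) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        if (!end)
            break;
        p = end + 1;
    }
    return 1;
}

/* openat() wrapper (hypothetical helper): apply the lexical rule, then
 * refuse to follow a symlink in the final component. Rejected paths
 * fail with errno = EACCES, mirroring the -EACCES the patch proposes. */
int openat_beneath(int dfd, const char *path, int flags)
{
    if (!path_is_beneath(path)) {
        errno = EACCES;
        return -1;
    }
    return openat(dfd, path, flags | O_NOFOLLOW);
}

int main(void)
{
    /* Constructed sample paths, not taken from the thread. */
    const char *samples[] = { "etc/passwd", "/etc/passwd", "a/../../b",
                              "a/..b/c", "./a//b" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-12s %s\n", samples[i],
               path_is_beneath(samples[i]) ? "beneath" : "rejected");
    return 0;
}
```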