On 2018-09-29, Aleksa Sarai <cyphar@xxxxxxxxxx> wrote: > * AT_XDEV: Disallow mount-point crossing (both *down* into one, or *up* > from one). The primary "scoping" use is to blocking resolution that > crosses a bind-mount, which has a similar property to a symlink (in > the way that it allows for escape from the starting-point). Since it > is not possible to differentiate bind-mounts However since > bind-mounting requires privileges (in ways symlinks don't) this has > been split from LOOKUP_BENEATH. The naming is based on "find -xdev" > (though find(1) doesn't walk upwards, the semantics seem obvious). I've just noticed that the mountpoint-crossing code for AT_XDEV doesn't detect things like: % ln -s / /tmp/jumpup % vfs_helper -o open -F xdev -d /tmp jumpup / I will fix that in v2. -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH <https://www.cyphar.com/>
Attachment:
signature.asc
Description: PGP signature