On Wed, 12 Jul 2023 at 02:56, Christian Brauner <brauner@xxxxxxxxxx> wrote:
>
> Changing the mode of symlinks is meaningless as the vfs doesn't take the
> mode of a symlink into account during path lookup permission checking.
Hmm. I have this dim memory that we actually used to do that as an
extension at one point for the symlinks in /proc. Long long ago.
Or maybe it was just a potential plan.
Because at least in /proc, the symlinks *do* have protection semantics
(ie you can't do readlink() on them or follow them without the right
permissions.
That said, blocking the mode setting sounds fine, because the proc
permissions are basically done separately.
However:
> if ((ia_valid & ATTR_MODE)) {
> + if (S_ISLNK(inode->i_mode))
> + return -EOPNOTSUPP;
> +
> umode_t amode = attr->ia_mode;
The above is not ok. It might compile these days because we have to
allow statements before declarations for other reasons, but that
doesn't make it ok.
Linus
