Potential security improvement in rootfs "/" from directory traversal attack

Hi all, I'm new to this mailing list and to kernel devs in general. Hope we'll have a good time together. And thanks in advance for your time and all.

Clarification:
By rootfs I mean the root of the roots of the mounted file systems, upon which the other file systems are mounted.

Context-Problem:
In a directory traversal attack in which the attacker doesn't know the relative path to start the attack from (whether it is read or write doesn't matter), an attacker could exploit the fact that the rootfs has a ".." dir entry in the "/" dir to be sure of reaching the correct "/" by concatenating a series of "../../" repeated n times (with n >= current_depth_of_directory; this is easy to do with a big n). Having reached "/", he could go to the preferred path. The danger then depends on the privileges achieved.

Question:
Wouldn't it be better to have a rootfs that, in the root directory "/", doesn't have a dir entry ".." pointing to itself?
Would this change create problems for the kernel or the user space programs?
Why is this solution in place? Is it just a Unix convention or something more (w.r.t. Unix)?
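
The behaviour described above, next to a containment check an application can apply whatever ".." means at "/". This is an added example and not part of the original post; `root_dotdot_is_root`, `safe_join`, `demo` and the sample request paths are constructed for illustration.

```python
import os
import tempfile


def root_dotdot_is_root() -> bool:
    """True when "/.." is the same directory as "/" (the behaviour the post describes)."""
    return os.path.samefile("/", "/..")


def safe_join(base: str, user_path: str) -> str:
    """Resolve user_path under base; raise PermissionError if the result leaves base."""
    base_real = os.path.realpath(base)
    # realpath collapses ".." components and follows symlinks before the check.
    # An absolute user_path makes os.path.join discard base, so it is caught too.
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PermissionError(f"path escapes {base_real!r}: {user_path!r}")
    return candidate


def demo() -> dict:
    """Run constructed request paths through safe_join inside a temporary tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "srv", "files")
        os.makedirs(os.path.join(base, "docs"))
        # Constructed symlink inside base that points outside it.
        os.symlink("/", os.path.join(base, "escape"))
        requests = [
            "docs/readme.txt",            # stays inside base
            "docs/../docs/readme.txt",    # ".." that stays inside base
            "../" * 64 + "etc/passwd",    # the "big n" case from the post
            "/etc/passwd",                # absolute path
            "escape/etc/passwd",          # leaves base through a symlink
        ]
        for req in requests:
            try:
                safe_join(base, req)
                results[req] = "allowed"
            except PermissionError:
                results[req] = "rejected"
    return results


if __name__ == "__main__":
    print('"/.." is "/":', root_dotdot_is_root())
    for path, verdict in demo().items():
        print(f"{verdict:9} {path[:40]}")
```

The check is made on the resolved path, so the outcome is the same however many "../" components are supplied.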

