On 01.08.2015 at 15:10, Tomas Bortoli wrote:
> Thanks for the clarification!
> I'm trying to make a patch to slightly improve security in file system.
> It consists in removing the ".." dir entry in the "/" dir of the file system mounted on the root mount point.

What about chroot/namespaces/etc? :)

> This could prevent an attacker from using a long series of "../../../" etc in a transversal directory attack
> with unknown initial relative path to reach the root dir for sure and then move from there.
> The dangerousness depends from which is the flaw
> Do you think it's worth it?

I'm not sure if it is worth the hassle, I bet some applications depend on that behavior.
But you can give it a try, I'd insert a negative dentry for ".." if ".." is child of the current root.

Thanks,
//richard
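Added example, not part of the original message or of any kernel code: a small Python model of the behaviour under discussion (".." in "/" resolves to "/" itself, so a long "../" chain ends at the root from any starting depth), next to the application-side containment check that rejects such input. The directory names and the helper names `resolve_lexically` and `confined_join` are hypothetical; resolution here is purely lexical and does not follow symlinks.

```python
def resolve_lexically(cwd, user_path):
    """Model a path walk from cwd: '..' at '/' is a no-op (parent of root is root).

    Lexical model only (assumption): symlinks and mount points are ignored.
    """
    parts = [] if user_path.startswith("/") else [p for p in cwd.split("/") if p]
    for comp in user_path.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if parts:          # below the root: go up one level
                parts.pop()
            # at the root: stay at the root, which is why excess '../' is harmless
        else:
            parts.append(comp)
    return "/" + "/".join(parts)


def confined_join(base, user_path):
    """Return the resolved path if it stays inside base, otherwise None."""
    base_norm = resolve_lexically("/", base)
    resolved = resolve_lexically(base_norm, user_path)
    prefix = base_norm.rstrip("/") + "/"
    if resolved == base_norm or resolved.startswith(prefix):
        return resolved
    return None


if __name__ == "__main__":
    # Constructed sample input: the same over-long chain from two unknown depths.
    chain = "../" * 16 + "data/file.txt"
    for cwd in ("/srv/app/uploads", "/a/b/c/d/e/f/g/h"):
        print(cwd, "->", resolve_lexically(cwd, chain))
    print(confined_join("/srv/app/uploads", chain))              # rejected
    print(confined_join("/srv/app/uploads", "img/../logo.png"))  # accepted
```

A real service should also deal with symlinks, for example by resolving against an already-open directory descriptor instead of comparing strings.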