Re: [PATCH] attr: block mode changes of symlinks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jul 12, 2023 at 09:24:43AM -0700, Linus Torvalds wrote:
> On Wed, 12 Jul 2023 at 02:56, Christian Brauner <brauner@xxxxxxxxxx> wrote:
> >
> > Changing the mode of symlinks is meaningless as the vfs doesn't take the
> > mode of a symlink into account during path lookup permission checking.
> 
> Hmm. I have this dim memory that we actually used to do that as an
> extension at one point for the symlinks in /proc. Long long ago.

If we block it properly now. We could - crazy talk on my side now:
through a sysctl like the weird sysctl sysctl_protected_* stuff we have
already - later implement taking the mode of symlinks into account
properly. I'm not saying we should nor that it's wise but it would be
doable.

> 
> Or maybe it was just a potential plan.
> 
> Because at least in /proc, the symlinks *do* have protection semantics
> (ie you can't do readlink() on them or follow them without the right
> permissions.
> 
> That said, blocking the mode setting sounds fine, because the proc
> permissions are basically done separately.
> 
> However:
> 
> >         if ((ia_valid & ATTR_MODE)) {
> > +               if (S_ISLNK(inode->i_mode))
> > +                       return -EOPNOTSUPP;
> > +
> >                 umode_t amode = attr->ia_mode;
> 
> The above is not ok. It might compile these days because we have to
> allow statements before declarations for other reasons, but that
> doesn't make it ok.

Sorry, I completely missed that. I miss the days when that would've
thrown a compile error right away. Let me send a v2 right now.



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux