Date: Wed, 29 Jul 2020 21:20:25 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 248335] O_BENEATH leaks information about parent directories
Message-ID: <bug-248335-227-GgMesgstIT@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-248335-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-248335-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248335

--- Comment #3 from Konstantin Belousov <kib@FreeBSD.org> ---
But the user could only guess-check his own username, no?

O_BENEATH usage was designed to confine existing non-capsicumized apps, which only need access to the known subset of the whole filesystem namespace. A typical example is a compiler, which only needs to access the source file and hierarchies of headers, and to write the output file. There, we can pre-allocate dirfds for /usr/include and /usr/local/include.

On the other hand, build systems often use relative paths with dotdots to express the target directory as relative to the source, so dotdot support was needed for the intended application of our O_BENEATH.

Anyway, if you can provide a somewhat more precise explanation of the desired behavior, and perhaps give the name for the new O_ flag, I will implement it as well.

--
You are receiving this mail because:
You are the assignee for the bug.
