Date: Thu, 23 Feb 2023 13:34:41 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 269780] O_RESOLVE_BENEATH succeeds on ".." on "/" Message-ID: <bug-269780-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D269780 Bug ID: 269780 Summary: O_RESOLVE_BENEATH succeeds on ".." on "/" Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: dev@sunfishcode.online Thanks for adding the O_RESOLVE_BENEATH flag [0]. I do have one report of surprising behavior with it. It seems that opening = ".." with a base fd referencing "/" succeeds. This is understandable, because ".= ." in the root directory refers to the root directory, and indeed it's not out= side the base fd in that case. However, use cases for O_RESOLVE_BENEATH would be better served by having an open of ".." with a base fd of the root directory fail. If one has path str= ings coming from an untrusted source, one wouldn't want the source to be able to tell where the base is in the overall filesystem namespace. If opening ".."= at the top level succeeds, that reveals that the base directory is in fact the root directory. For comparison, Linux's openat2's RESOLVE_BENEATH flag fails on ".." at the root. [0]: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D248335 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-269780-227>