Page MenuHomeFreeBSD
Differential D8746

Enable lookup_cap_dotdot and lookup_cap_dotdot_nonlocal by default.
ClosedPublic
Actions

Authored by kib on Dec 10 2016, 10:10 AM.
Tags
Referenced Files
Unknown Object (File)
Thu, Jan 16, 2:43 PM
Unknown Object (File)
Mon, Jan 13, 2:42 AM
Unknown Object (File)
Dec 13 2024, 11:07 AM
Unknown Object (File)
Oct 31 2024, 2:40 PM
Unknown Object (File)
Oct 24 2024, 9:46 PM
Unknown Object (File)
Sep 13 2024, 10:01 PM
Unknown Object (File)
Sep 9 2024, 2:38 AM
Unknown Object (File)
Sep 8 2024, 9:29 PM
View All 61 Files
Subscribers
imp

Details

Reviewers
emaste
cem
Commits
rS309887: Enable lookup_cap_dotdot and lookup_cap_dotdot_nonlocal.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib updated this revision to Diff 22796.Dec 10 2016, 10:10 AM
kib retitled this revision from to Enable lookup_cap_dotdot and lookup_cap_dotdot_nonlocal by default..
kib updated this object.
kib edited the test plan for this revision. (Show Details)
kib added reviewers: cem, emaste.
kib set the repository for this revision to rS FreeBSD src repository - subversion.
kib added a project: capsicum.
Herald added a subscriber: imp. · View Herald TranscriptDec 10 2016, 10:10 AM
cem added inline comments.Dec 10 2016, 10:08 PM
sys/kern/vfs_lookup.c
168 ↗(On Diff #22796)

Should nonlocal lookup be allowed by default?

cem edited edge metadata.Dec 11 2016, 3:16 AM

For local dotdot lookups in capsicum mode, I think it will be very easy to add some unit tests confirming correct behavior.

cem added a comment.Dec 11 2016, 4:08 AM
In D8746#181220, @cem wrote:

For local dotdot lookups in capsicum mode, I think it will be very easy to add some unit tests confirming correct behavior.

Here's an initial stab at that: https://reviews.freebsd.org/D8748

kib added inline comments.Dec 11 2016, 6:23 PM
sys/kern/vfs_lookup.c
168 ↗(On Diff #22796)

I do not see why not, now, at least in head. I am not sure about the original considerations about covert interactions between two clients, and suspect that the client-side incoherence is needed to even try to achieve the escape. I propose to keep this simple at least in head, and turn the knob off if working scenario is actually proposed.

cem accepted this revision.Dec 11 2016, 6:38 PM
cem edited edge metadata.
This revision is now accepted and ready to land.Dec 11 2016, 6:38 PM
Closed by commit rS309887: Enable lookup_cap_dotdot and lookup_cap_dotdot_nonlocal. (authored by kib). · Explain WhyDec 12 2016, 11:12 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
kern/
9 lines

Diff 22841

View Options

head/sys/kern/vfs_lookup.c

Loading...