WSL2-Linux-Kernel/fs
Mattias Nissler dab741e0e0 Add a "nosymfollow" mount option.
For mounts that have the new "nosymfollow" option, don't follow symlinks
when resolving paths. The new option is similar in spirit to the
existing "nodev", "noexec", and "nosuid" options, as well as to the
LOOKUP_NO_SYMLINKS resolve flag in the openat2(2) syscall. Various BSD
variants have been supporting the "nosymfollow" mount option for a long
time with equivalent implementations.

Note that symlinks may still be created on file systems mounted with
the "nosymfollow" option present. readlink() remains functional, so
user space code that is aware of symlinks can still choose to follow
them explicitly.

Setting the "nosymfollow" mount option helps prevent privileged
writers from modifying files unintentionally in case there is an
unexpected link along the accessed path. The "nosymfollow" option is
thus useful as a defensive measure for systems that need to deal with
untrusted file systems in privileged contexts.

More information on the history and motivation for this patch can be
found here:

https://sites.google.com/a/chromium.org/dev/chromium-os/chromiumos-design-docs/hardening-against-malicious-stateful-data#TOC-Restricting-symlink-traversal

Signed-off-by: Mattias Nissler <mnissler@chromium.org>
Signed-off-by: Ross Zwisler <zwisler@google.com>
Reviewed-by: Aleksa Sarai <cyphar@cyphar.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-08-27 16:06:47 -04:00
9p 9p: Remove unneeded cast from memory allocation 2020-07-31 07:28:25 +02:00
adfs
affs
afs Remove uninitialized_var() macro for v5.9-rc1 2020-08-04 13:49:43 -07:00
autofs fs: autofs: delete repeated words in comments 2020-08-14 19:56:56 -07:00
befs
bfs
btrfs for-5.9-tag 2020-08-13 12:26:18 -07:00
cachefiles
ceph ceph: handle zero-length feature mask in session messages 2020-08-05 17:47:07 +02:00
cifs 3 small cifs/smb3 fixes, one for stable fixing mkdir path with idsfromsid mount option 2020-08-15 08:31:39 -07:00
coda
configfs
cramfs
crypto mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
debugfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-08-05 20:13:21 -07:00
devpts
dlm dlm for 5.9 2020-08-06 19:44:25 -07:00
ecryptfs mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
efivarfs
efs
erofs Changes since last update: 2020-08-06 19:22:51 -07:00
exfat exfat: retain 'VolumeFlags' properly 2020-08-12 08:31:13 +09:00
exportfs
ext2 ext2: ext2.h: fix duplicated word + typos 2020-07-27 10:58:06 +02:00
ext4 New code for 5.9: 2020-08-06 19:35:12 -07:00
f2fs f2fs-for-5.9-rc1 2020-08-10 18:33:22 -07:00
fat fat: fix fat_ra_init() for data clusters == 0 2020-08-12 10:58:01 -07:00
freevxfs
fscache
fuse virtio: fixes, features 2020-08-11 14:34:17 -07:00
gfs2 Changes in gfs2: 2020-08-10 18:22:43 -07:00
hfs
hfsplus
hostfs
hpfs
hugetlbfs hugetlbfs: prevent filesystem stacking of hugetlbfs 2020-08-12 10:57:56 -07:00
iomap iomap: fall back to buffered writes for invalidation failures 2020-08-05 09:24:16 -07:00
isofs Remove uninitialized_var() macro for v5.9-rc1 2020-08-04 13:49:43 -07:00
jbd2
jffs2 This pull request contains changes for JFFS2, UBI and UBIFS 2020-08-10 18:20:04 -07:00
jfs
kernfs fsnotify: pass dir and inode arguments to fsnotify() 2020-07-27 23:15:48 +02:00
lockd
minix fs/minix: remove expected error message in block_to_path() 2020-08-12 10:58:00 -07:00
nfs NFS client updates for Linux 5.9 2020-08-15 08:26:55 -07:00
nfs_common
nfsd Highlights: 2020-08-09 13:58:04 -07:00
nilfs2 nilfs2: use a more common logging style 2020-08-12 10:58:01 -07:00
nls
notify fanotify: compare fsid when merging name event 2020-07-28 10:58:07 +02:00
ntfs ntfs: fix ntfs_test_inode and ntfs_init_locked_inode function type 2020-08-07 11:33:21 -07:00
ocfs2 Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 21:14:30 -07:00
omfs
openpromfs
orangefs orangefs: remove unnecessary assignment to variable ret 2020-08-04 15:01:58 -04:00
overlayfs Remove uninitialized_var() macro for v5.9-rc1 2020-08-04 13:49:43 -07:00
proc mm, oom: make the calculation of oom badness more accurate 2020-08-12 10:57:56 -07:00
pstore
qnx4
qnx6
quota 2020-08-06 19:28:26 -07:00
ramfs
reiserfs 2020-08-06 19:28:26 -07:00
romfs
squashfs squashfs: fix length field overlap check in metadata reading 2020-07-24 12:42:41 -07:00
sysfs
sysv
tracefs
ubifs This pull request contains changes for JFFS2, UBI and UBIFS 2020-08-10 18:20:04 -07:00
udf 2020-08-06 19:28:26 -07:00
ufs fs/ufs: avoid potential u32 multiplication overflow 2020-08-12 10:58:01 -07:00
unicode
vboxsf
verity fs-verity: use smp_load_acquire() for ->i_verity_info 2020-07-21 16:02:41 -07:00
xfs Fixes for 5.9-rc1: 2020-08-13 12:22:19 -07:00
zonefs zonefs: add zone-capacity support 2020-08-11 17:42:24 +09:00
Kconfig tmpfs: support 64-bit inums per-sb 2020-08-07 11:33:24 -07:00
Kconfig.binfmt
Makefile init: add an init_mount helper 2020-07-31 08:17:51 +02:00
aio.c mm: remove unnecessary wrapper function do_mmap_pgoff() 2020-08-07 11:33:27 -07:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf.c kill elf_fpxregs_t 2020-07-27 14:29:23 -04:00
binfmt_elf_fdpic.c Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 13:29:39 -07:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
block_dev.c for-5.9/io_uring-20200802 2020-08-03 13:01:22 -07:00
buffer.c for-5.9/block-20200802 2020-08-03 11:57:03 -07:00
char_dev.c
compat.c
compat_binfmt_elf.c
coredump.c coredump: add %f for executable filename 2020-08-12 10:58:01 -07:00
d_path.c
dax.c dax: Fix incorrect argument passed to xas_set_err() 2020-07-30 18:14:33 -06:00
dcache.c vfs: Use sequence counter with associated spinlock 2020-07-29 16:14:27 +02:00
dcookies.c
direct-io.c
drop_caches.c
eventfd.c
eventpoll.c
exec.c mm/gup: remove task_struct pointer for all gup code 2020-08-12 10:58:04 -07:00
fcntl.c
fhandle.c
file.c Merge branch 'hch.init_path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 09:40:34 -07:00
file_table.c
filesystems.c
fs-writeback.c
fs_context.c
fs_parser.c
fs_pin.c
fs_struct.c vfs: Use sequence counter with associated spinlock 2020-07-29 16:14:27 +02:00
fs_types.c
fsopen.c
init.c init: add an init_dup helper 2020-08-04 21:02:38 -04:00
inode.c
internal.h Merge branch 'hch.init_path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 09:40:34 -07:00
io-wq.c io-wq: update hash bits 2020-07-25 09:47:44 -06:00
io-wq.h io_uring/io-wq: move RLIMIT_FSIZE to io-wq 2020-07-24 13:00:44 -06:00
io_uring.c io_uring: short circuit -EAGAIN for blocking read attempt 2020-08-15 15:58:42 -07:00
ioctl.c fs: remove ksys_ioctl 2020-07-31 08:16:01 +02:00
libfs.c
locks.c Highlights: 2020-08-09 13:58:04 -07:00
mbcache.c
mount.h
mpage.c
namei.c Add a "nosymfollow" mount option. 2020-08-27 16:06:47 -04:00
namespace.c Add a "nosymfollow" mount option. 2020-08-27 16:06:47 -04:00
no-block.c
nsfs.c
open.c exec: move S_ISREG() check earlier 2020-08-12 10:58:01 -07:00
pipe.c
pnode.c
pnode.h
posix_acl.c
proc_namespace.c Add a "nosymfollow" mount option. 2020-08-27 16:06:47 -04:00
read_write.c initrd: switch initrd loading to struct file based APIs 2020-07-30 08:22:47 +02:00
readdir.c fs: remove ksys_getdents64 2020-07-31 08:16:00 +02:00
select.c
seq_file.c
signalfd.c fs/signalfd.c: fix inconsistent return codes for signalfd4 2020-08-12 10:58:01 -07:00
splice.c
stack.c
stat.c
statfs.c Add a "nosymfollow" mount option. 2020-08-27 16:06:47 -04:00
super.c
sync.c
timerfd.c
userfaultfd.c A set of locking fixes and updates: 2020-08-10 19:07:44 -07:00
utimes.c fs: expose utimes_common 2020-07-31 08:16:01 +02:00
xattr.c