On Mon 2018-03-12 00:35:34, Alexey Dobriyan wrote: > On Sun, Mar 11, 2018 at 10:30:58PM +0100, Pavel Machek wrote: > > On Sat 2018-03-10 03:12:23, Alexey Dobriyan wrote: > > > Various subsystems can create files and directories in /proc > > > with names directly controlled by userspace. > > > > > > Which means "/", "." and ".." are no-no. > > > > > > "/" split is already taken care of, do the other 2 prohibited names. > > > > Hmm, patch is probably good idea, but now it means that userspace can > > trigger WARN()s, and can hide objects from root by naming them '.' and > > '..'... which is not good. > > Patch rejects creation of such entries. > > And they should be harmless as VFS lookup won't find them, only readdir > would. It not clear how they could be useful.
Yeah, as I said, that's half of problem. If I can name my object "." and it will be hidden from root, that sounds like a security hole to be prevented. So if you know _which_ subsystem allow creating files and directories in /proc with names directly controlled by userspace, please let us know, we want to fix that. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
signature.asc
Description: Digital signature