Bill Sommerfeld wrote:
> It's premature to change the existing code until you can explain both
> the problem it's trying to solve and the way it's getting it wrong.
Clarifying a few points...

This proposal does not add security. This case proposes a file system independent interface which will replace an existing file system specific check within nftw(3C).

There are a few subtle cases that nftw(3C) needs to deal with between the time it stat()s a directory and the time it enters that directory. These are security-related in that the operations could be malicious or inadvertent. In either case, the current implementation of nftw(3C) handles them.

CR 5032820 [1] describes the original security concerns with symlinks.

CR 6198351 [2] describes how the automounter could produce a false-positive for a security breach inside nftw(3C).

The solution implemented by CR 6198351 compared the fstype with the string "autofs". This case proposes to replace that check with a file system independent check by adding S_IFTRIGGER to st_mode and a corresponding test macro, IS_IFTRIGGER(). This will enable mirror-mounts (PSARC 2007/416) and future NFS-related enhancements to work correctly.

[1] 5032820 nftw must make sure it isn't tricked into following symlinks
[2] 6198351 automounting causes EAGAIN for nftw(), hence find(1) can fail
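The kind of stat-then-enter check discussed in this message, as an added example that is not part of the original mail and is not the libc nftw(3C) source. The names `enter_if_unchanged` and `demo` are hypothetical, the device/inode comparison is an assumed way of detecting the change, and the scenario in `demo` is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` only if it is still the directory
 * described by `before`, the result of an earlier lstat(). */
int enter_if_unchanged(const char *path, const struct stat *before)
{
    struct stat after;
    /* O_NOFOLLOW refuses a final component that has become a symlink. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &after) != 0 ||
        after.st_dev != before->st_dev || after.st_ino != before->st_ino) {
        /* Not the object that was examined. A trigger mount firing in
         * between also changes st_dev (assumed cause of the false positive). */
        close(fd);
        errno = EAGAIN;
        return -1;
    }
    return fd;
}

/* Constructed scenario: returns 1 when a directory replaced by a symlink
 * (swap != 0) is refused, or an untouched one (swap == 0) is accepted. */
int demo(int swap)
{
    char base[] = "/tmp/nftwdemoXXXXXX", a[64], b[64], moved[64];
    struct stat st;
    if (mkdtemp(base) == NULL) return -1;
    snprintf(a, sizeof a, "%s/a", base);
    snprintf(b, sizeof b, "%s/b", base);
    snprintf(moved, sizeof moved, "%s/moved", base);
    if (mkdir(a, 0700) || mkdir(b, 0700) || lstat(a, &st)) return -1;
    if (swap && (rename(a, moved) || symlink(b, a))) return -1;
    int fd = enter_if_unchanged(a, &st);
    int ok = swap ? (fd < 0) : (fd >= 0);
    if (fd >= 0) close(fd);
    unlink(a); rmdir(a); rmdir(moved); rmdir(b); rmdir(base); /* cleanup */
    return ok;
}

int main(void)
{
    printf("unchanged: %d, swapped: %d\n", demo(0), demo(1));
    return 0;
}
```

A check written this way cannot tell a malicious replacement from a legitimate mount appearing under the same name, which is why a walker needs some way to recognise the second case.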
