mirror of
https://github.com/opnsense/src.git
synced 2026-04-26 00:27:08 -04:00
7359fdcf5f
If dotdot lookup does not escape from the file descriptor passed as the lookup root, we can allow the component traversal. Track the directories traversed, and check the result of dotdot lookup against the recorded list of the directory vnodes. Dotdot lookups are enabled by sysctl vfs.lookup_cap_dotdot, currently disabled by default until more verification of the approach is done. Disallow non-local filesystems for dotdot, since remote server might conspire with the local process to allow it to escape the namespace. This might be too cautious, provide the knob vfs.lookup_cap_dotdot_nonlocal to override as well. Idea by: rwatson Discussed with: emaste, jonathan, rwatson Reviewed by: mjg (previous version) Tested by: pho (previous version) Sponsored by: The FreeBSD Foundation MFC after: 2 week Differential revision: https://reviews.freebsd.org/D8110 |
||
|---|---|---|
| .. | ||
| autofs | ||
| cd9660 | ||
| cuse | ||
| deadfs | ||
| devfs | ||
| ext2fs | ||
| fdescfs | ||
| fifofs | ||
| fuse | ||
| msdosfs | ||
| nandfs | ||
| nfs | ||
| nfsclient | ||
| nfsserver | ||
| nullfs | ||
| procfs | ||
| pseudofs | ||
| smbfs | ||
| tmpfs | ||
| udf | ||
| unionfs | ||