Re: [PATCH v4] Add a "nosymfollow" mount option.
From: Matthew Wilcox
Date: Thu Jan 30 2020 - 19:46:05 EST
On Thu, Jan 30, 2020 at 05:27:50PM -0700, Ross Zwisler wrote:
> For mounts that have the new "nosymfollow" option, don't follow
> symlinks when resolving paths. The new option is similar in spirit to
> the existing "nodev", "noexec", and "nosuid" options. Various BSD
> variants have been supporting the "nosymfollow" mount option for a
> long time with equivalent implementations.
>
> Note that symlinks may still be created on file systems mounted with
> the "nosymfollow" option present. readlink() remains functional, so
> user space code that is aware of symlinks can still choose to follow
> them explicitly.
>
> Setting the "nosymfollow" mount option helps prevent privileged
> writers from modifying files unintentionally in case there is an
> unexpected link along the accessed path. The "nosymfollow" option is
> thus useful as a defensive measure for systems that need to deal with
> untrusted file systems in privileged contexts.
The openat2 series was just merged yesterday which includes a
LOOKUP_NO_SYMLINKS option. Is this enough for your needs, or do you
need the mount option?
https://lore.kernel.org/linux-fsdevel/20200129142709.GX23230@xxxxxxxxxxxxxxxxxx/