Re: PATCH: smart symlink loop detection.

Linus Torvalds (torvalds@transmeta.com)
Tue, 14 Apr 1998 12:30:11 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Eric W. Biederman: "Re: VM: question"
Previous message: David Schwartz: "Re: OFFTOPIC: 'do { ... } while (0)?'"

On Tue, 14 Apr 1998, C. Scott Ananian wrote:
>
> Right. I was thinking of doing some string magic to keep that stack in
> the lookup string itself. My earlier comment about extreme cleverness
> with the path string would apply. I think your explicit stack is actually
> a much cleaner approach. I don't like doing string manipulation in C.
>
> Are there path-length limits elsewhere in the kernel?

Yes. A PAGE_SIZE is the maximum size of any path (and that includes the
ending '\0'). This shows in many places, like "get_name()" and
"sys_getcwd()", and it is acceptable to consider this a real limit.

> Also, my understanding is that the kernel can be preempted when it blocks
> for a disk read, correct? So we still need a hard limit *somewhere* to
> prevent a denial-of-service attack: the attacker creates a long loop of
> symlinks, and then breaks the loop in the middle, isolating the two
> tarjan-algorithm pointers and preventing the lookup from every
> terminating.

We need the limit anyway, to make our stack size limited.

Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Eric W. Biederman: "Re: VM: question"
Previous message: David Schwartz: "Re: OFFTOPIC: 'do { ... } while (0)?'"