Re: [PATCH RFC 0/1] mount: universally disallow mounting over symlinks

From: Ian Kent
Date: Tue Jan 14 2020 - 00:01:40 EST


On Tue, 2020-01-14 at 04:39 +0000, Al Viro wrote:
> On Tue, Jan 14, 2020 at 08:25:19AM +0800, Ian Kent wrote:
>
> > This isn't right.
> >
> > There's actually nothing stopping a user from using a direct map
> > entry that's a multi-mount without an actual mount at its root.
> > So there could be directories created under these, it's just not
> > usually done.
> >
> > I'm pretty sure I don't check and disallow this.
>
> IDGI... How the hell will that work in v5? Who will set _any_
> traps outside the one in root in that scenario? autofs_lookup()
> won't (there it's conditional upon indirect mount). Neither
> will autofs_dir_mkdir() (conditional upon version being less
> than 5). Who will, then?
>
> Confused...

It's easy to miss.

For autofs type direct and offset mounts the flags are set at fill
super time.

They have to be set then because they are direct mounts and offset
mounts behave the same as direct mounts so they need to be set then
too. So, like direct mounts, offset mounts are each distinct autofs
(trigger) mounts.

I could check for this construct and refuse it if that's really
needed. I'm pretty sure this map construct isn't much used by
people using direct mounts.

Ian