Re: [RFC] Add a prctl to disable ".." traversal in path resolution

From: Christian Brauner
Date: Fri Dec 13 2024 - 07:55:19 EST

Next message: Konrad Dybcio: "Re: [PATCH v4 1/2] arm64: dts: qcom: qcs615: add SDHC1 and SDHC2"
Previous message: Miguel Ojeda: "Re: [PATCH v3 4/4] rust: add parameter support to the `module!` macro"
In reply to: Aleksa Sarai: "Re: [RFC] Add a prctl to disable ".." traversal in path resolution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 12, 2024 at 02:56:59AM +1100, Aleksa Sarai wrote:
> On 2024-12-11, Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote:
> > Path traversal attacks remain a common security vulnerability
> > (https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=%22path+traversal%22)
> > and many are due to either failing to filter out ".." when validating a
> > path or incorrectly collapsing other sequences of "."s into ".." .
> > Evidence suggests that improving education isn't fixing the problem.
>
> I was thinking about adding a RESOLVE_NO_DOTDOT which would do something
> like this but on a per-openat2-call basis.

That's what I was thinking a while ago. I discussed that with Linus
in connection to a change by Jann for looking up module paths.

https://lore.kernel.org/r/CAADWXX_zpqzYdCpmQGF3JgsN4+wk3AsuQLCKREkDC1ScxSfDjQ@xxxxxxxxxxxxxx

>
> The main problem with making this global for the entire process is that
> most tools would not be able to practically enable this for themselves
> as it would require auditing the entire execution environment as well as
> all dependencies that might dare to use ".." in a path anywhere in their
> codebase.

I agree.

Next message: Konrad Dybcio: "Re: [PATCH v4 1/2] arm64: dts: qcom: qcs615: add SDHC1 and SDHC2"
Previous message: Miguel Ojeda: "Re: [PATCH v3 4/4] rust: add parameter support to the `module!` macro"
In reply to: Aleksa Sarai: "Re: [RFC] Add a prctl to disable ".." traversal in path resolution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]