Add S_IFTRIGGER to st_mode [PSARC/2007/563 FastTrack timeout 10/04/2007]
Tom Haynes
Thomas.Haynes at sun.com
Thu Oct 4 20:59:30 PDT 2007
Bill Sommerfeld wrote:
>
> It's premature to change the existing code until you can explain both
> the problem it's trying to solve and the way it's getting it wrong.
>
>
>
Clarifying a few points...
This proposal does not add security. This case proposes a file system
independent interface which will replace an existing file system specific
check within nftw(3C).
There are a few subtle cases that nftw(3C) needs to deal with between
the time it stat()s a directory and the time it enters that directory.
These are security-related in that the operations could be malicious
or inadvertent. In either case, the current implementation of nftw(3C)
handles them.
CR 5032820 [1] describes the original security concerns with symlinks.
CR 6198351 [2] describes how the automounter could produce a false-positive
for a security breach inside nftw(3C)
The solution implemented by CR 6198351 compared the fstype with the string
"autofs". This case proposes to replace that check with a file system
independent check by adding S_IFTRIGGER to st_mode and a corresponding
test macro, IS_IFTRIGGER(). This will enable mirror-mounts (PSARC
2007/416)
and future NFS-related enhancements to work correctly.
[1] 5032820 nftw must make sure it isn't tricked into following symlinks
[2] 6198351 automounting causes EAGAIN for nftw(), hence find(1) can fail
More information about the opensolaris-arc
mailing list