On Tue, 9 May 2017 11:12:58 +0200
Greg Kurz <groug@kaod.org> wrote:

> On Fri, 5 May 2017 11:59:15 -0500
> Eric Blake <eblake@redhat.com> wrote:
> 
> > On 05/05/2017 09:37 AM, Greg Kurz wrote:  
> > > When using the mapped-file security mode, the creds of a path /foo/bar
> > > are stored in the /foo/.virtfs_metadata/bar file. This is okay for all
> > > paths unless they end with '.' or '..', because we cannot create the
> > > corresponding file in the metadata directory.
> > > 
> > > This patch ensures that '.' and '..' are resolved in all paths.
> > > 
> > > The core code only passes path elements (no '/') to the backend, with
> > > the notable exception of the '/' path, which refers to the virtfs root.
> > > This patch preserve the current behavior of converting it to '.' so    
[...]
> > > +        } else if (!strcmp(name, "..")) {
> > > +            if (!strcmp(dir_path->data, ".")) {
> > > +                /* ".." relative to the root is "." */
> > > +                v9fs_path_sprintf(target, ".");
> > > +            } else {
> > > +                char *tmp = g_path_get_dirname(dir_path->data);
> > > +                /* ".." relative to "foo/bar" is equivalent to "foo" */    
> > 
> > True only if bar is not a symlink to some other directory.  What
> > guarantees do you have that you are not going to be inadvertently
> > skipping a traversal through symlinks and thereby picking the wrong
> > location for '..'?
> >   
> 
> My understanding is that symlinks are supposed to be resolved by the client,
> and we shouldn't follow them in the server.
> 

Eric,

Do you have any comment further comment or can I go on with this change ?

Cheers,

--
Greg