* Proposal for the new mount options: no_symlink and no_new_symlink
@ 2020-11-13 20:35 Igor Zhbanov
2020-11-16 18:03 ` Aleksa Sarai
0 siblings, 1 reply; 2+ messages in thread
From: Igor Zhbanov @ 2020-11-13 20:35 UTC (permalink / raw)
To: linux-fsdevel
Hello,
I want to implement 2 new mount options: "no_symlink" and "no_new_symlink".
The "nosymlink" option will act like "nodev", i.e. it will ignore all created
symbolic links.
And the option "no_new_symlink" is for more relaxed configuration. It will
allow to follow already existing symbolic links but forbid to create new.
It could be useful to remount filesystem after system upgrade with this option.
The idea behind these options is that a user controlled symbolic link could
affect poorly designed applications or system services that are using fixed
paths to read/write their data. Such a place could be: /tmp (or similar)
directory, unknown USB drive with ext4 or user home.
I.e. it would be possible to mount external storage with hardened
"-o nosuid,nodev,no_symlink" to be sure that it contain only regular files.
What do you think about this?
The patch-set is simple. But I would like to know your opinion first.
Thank you.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-11-16 18:03 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-13 20:35 Proposal for the new mount options: no_symlink and no_new_symlink Igor Zhbanov
2020-11-16 18:03 ` Aleksa Sarai
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.