From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752167AbdEEBG6 (ORCPT ); Thu, 4 May 2017 21:06:58 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:36390 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751525AbdEEBG5 (ORCPT ); Thu, 4 May 2017 21:06:57 -0400 Date: Fri, 5 May 2017 02:06:54 +0100 From: Al Viro To: Andy Lutomirski Cc: Jann Horn , Linux API , "linux-kernel@vger.kernel.org" , Linux FS Devel , Linus Torvalds Subject: Re: new ...at() flag: AT_NO_JUMPS Message-ID: <20170505010654.GN29622@ZenIV.linux.org.uk> References: <20170429220414.GT29622@ZenIV.linux.org.uk> <20170505003030.GM29622@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.7.1 (2016-10-04) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, May 04, 2017 at 05:44:19PM -0700, Andy Lutomirski wrote: > > It's not quite O_BENEATH, and IMO it's saner that way - a/b/c/../d is > > bloody well allowed, and so are relative symlinks that do not lead out of > > the subtree. If somebody has a good argument in favour of flat-out > > ban on .. (_other_ than "other guys do it that way, and it doesn't need > > to make sense 'cuz security!!1!!!", please), I'd be glad to hear it. > > I don't have an argument for allowing '..'. I think it would be okay > to disallow it, but I don't think it matters all that much either way. Relative symlinks as argument in favour of allowing .. _when_ _it_ _stays_ _in_ _subtree_. > > For the latter I would prefer -EXDEV, for obvious reasons. For the former... > > not sure. I'm not too happy about -ELOOP, but -EPERM (as with O_BENEATH) > > is an atrocity - it's even more overloaded. > > > > Suggestions? > > -EDOTDOT would be amusing. For ln -s /tmp foo/bar, lookup for foo/bar/baz? Seriously? Hell, even -EXDEV would make more sense...