git: a2c87d4f88e1 - main - symlink.7: add a new section "mount options"
Date: Mon, 19 Jan 2026 10:53:06 UTC
The branch main has been updated by wosch:
URL: https://cgit.FreeBSD.org/src/commit/?id=a2c87d4f88e1bfe3b7007fa7148ebc7d37fc54cc
commit a2c87d4f88e1bfe3b7007fa7148ebc7d37fc54cc
Author: Wolfram Schneider <wosch@FreeBSD.org>
AuthorDate: 2026-01-19 10:47:53 +0000
Commit: Wolfram Schneider <wosch@FreeBSD.org>
CommitDate: 2026-01-19 10:47:53 +0000
symlink.7: add a new section "mount options"
Add a new section "mount options" to explain
the mount option nosymfollow in more detail.
Differential Revision: https://reviews.freebsd.org/D54530
---
bin/ln/symlink.7 | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/bin/ln/symlink.7 b/bin/ln/symlink.7
index 28d9908f2053..db251e1d2985 100644
--- a/bin/ln/symlink.7
+++ b/bin/ln/symlink.7
@@ -72,13 +72,15 @@ or a loop is detected.
links that may be followed, and an error results if this limit is
exceeded.)
.Pp
-There are three separate areas that need to be discussed.
+There are four separate areas that need to be discussed.
They are as follows:
.Pp
.Bl -enum -compact -offset indent
.It
Symbolic links used as file name arguments for system calls.
.It
+Mount options to ignore symbolic links.
+.It
Symbolic links specified as command line arguments to utilities that
are not traversing a file tree.
.It
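Review bot: Inserting "Mount options to ignore symbolic links." as the second item of the enumerated list shifts every later area down by one, but the section text still counts from the old order: the context of the next hunk shows "The second area is symbolic links, specified as command line file name arguments" under "Commands not traversing a file tree", which is now the third item. Either update the ordinals in the later sections in the same change, or append the new item at the end of the list so the existing "second area" wording stays correct. It would also help if the new section opened the way the others do, by saying which area it covers.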
@@ -178,6 +180,20 @@ The
system call was added later when the limitations of the new
.Xr chown 2
became apparent.
+.Ss Mount options
+.Fx
+has a
+.Xr mount 8
+option nosymfollow. When this option is enabled, the kernel
+does not follow symlinks on the mounted file system and return EACCES.
+You can still create or remove symlinks, or read the value of a symbolic link.
+.Pp
+This option is intended to be used when mounting file systems from
+untrusted external storage systems or public writable /tmp file systems
+to prevent symlink-based privilege escalation and sandbox escape attacks.
+.Pp
+The mount option nosymfollow first appeared in
+.Fx 3.0
.Ss Commands not traversing a file tree.
The second area is symbolic links, specified as command line file
name arguments, to commands which are not traversing a file tree.
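Review bot: In the first paragraph of the new "Mount options" subsection, "does not follow symlinks on the mounted file system and return EACCES" has a verb agreement error ("returns") and leaves unclear what returns the error; say that the operation which would have followed the link fails with EACCES. The markup also needs tightening: "option nosymfollow. When this option is enabled" starts a sentence mid-line where mdoc source puts each sentence on its own line, nosymfollow should be set with .Cm, EACCES with .Er and /tmp with .Pa, and ".Fx 3.0" needs a trailing " ." so the rendered sentence ends with a period. The added text alternates between "symlinks" and "symbolic link" in adjacent lines; the surrounding page uses "symbolic links", so use that throughout.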
@@ -478,4 +494,5 @@ whether specified on the command line or encountered in the tree walk.
.Xr unlink 2 ,
.Xr fts 3 ,
.Xr remove 3 ,
-.Xr chown 8
+.Xr chown 8 ,
+.Xr mount 8
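Review bot: The document date is not bumped anywhere in this patch: the three hunks account for all 19 insertions and 2 deletions in the diffstat, and none of them touches the .Dd line. Since the change adds a new content section, update .Dd in the same commit. The cross-reference itself is fine: the comma is moved onto ".Xr chown 8 ," and ".Xr mount 8" is left as the unpunctuated last entry.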