[Bug 269780] O_RESOLVE_BENEATH succeeds on ".." on "/"

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 23 Feb 2023 13:34:41 UTC

            Bug ID: 269780
           Summary: O_RESOLVE_BENEATH succeeds on ".." on "/"
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: dev@sunfishcode.online

Thanks for adding the O_RESOLVE_BENEATH flag [0].

I do have one report of surprising behavior with it. It seems that opening ".."
with a base fd referencing "/" succeeds. This is understandable, because ".."
in the root directory refers to the root directory, and indeed it's not outside
the base fd in that case.

However, use cases for O_RESOLVE_BENEATH would be better served by having an
open of ".." with a base fd of the root directory fail. If one has path strings
coming from an untrusted source, one wouldn't want the source to be able to
tell where the base is in the overall filesystem namespace. If opening ".." at
the top level succeeds, that reveals that the base directory is in fact the
root directory.

For comparison, Linux's openat2's RESOLVE_BENEATH flag fails on ".." at the

[0]: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248335

You are receiving this mail because:
You are the assignee for the bug.