[Bug 248335] O_BENEATH leaks information about parent directories

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Jul 29 20:14:07 UTC 2020


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248335

--- Comment #2 from Dan Gohman <sunfish at mozilla.com> ---
As an example, paths may contain usernames. Usernames may not be sensitive in a
username/password sense, but they are in a personally-identifying-information
sense.

In my application, we have untrusted WebAssembly bytecode running inside an
interpreter. The bytecode may make calls to an API called WASI, which includes
POSIX-like filesystem access. We have an implementation of WASI which
implements sandboxing that works on FreeBSD; however, it's slow (about one
syscall per path component). A feature like `O_BENEATH` but which instead
blocks access to paths outside the topping directory could run much faster.

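The per-component walk that the comment describes as costing about one syscall per path component, sketched as an added example; it is not part of the original comment and is not the WASI implementation's code. The names `open_beneath` and `make_tree` are hypothetical, and refusing every symlink (rather than resolving in-sandbox links by hand) is a simplifying assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` strictly beneath directory fd `root`. Absolute
 * paths, ".." and all symlinks are refused; `flags` must not include O_CREAT. */
int open_beneath(int root, const char *path, int flags)
{
    char buf[4096], *save = NULL;
    if (path[0] == '/' || strlen(path) >= sizeof buf)
        return errno = EPERM, -1;
    strcpy(buf, path);
    int dir = dup(root);
    for (char *c = strtok_r(buf, "/", &save), *next; dir >= 0 && c; c = next) {
        next = strtok_r(NULL, "/", &save);
        /* One openat() per component; only the last gets the caller's flags. */
        int f = O_NOFOLLOW | O_CLOEXEC | (next ? O_RDONLY | O_DIRECTORY : flags);
        int fd = strcmp(c, "..") ? openat(dir, c, f) : (errno = EPERM, -1);
        int err = errno;
        close(dir);          /* may clobber errno, so restore it */
        errno = err;
        dir = fd;            /* descend, or stop with -1 on failure */
    }
    return dir;
}

/* Constructed sandbox: <tmp>/sub/file plus a symlink <tmp>/out -> "/". */
int make_tree(void)
{
    char tmpl[] = "/tmp/beneathXXXXXX";
    int root = mkdtemp(tmpl) ? open(tmpl, O_RDONLY | O_DIRECTORY) : -1;
    mkdirat(root, "sub", 0700);
    close(openat(root, "sub/file", O_CREAT | O_WRONLY, 0600));
    symlinkat("/", root, "out");
    return root;
}

int main(void)
{
    const char *t[] = { "sub/file", "sub/../../etc", "out/etc", "/etc" };
    for (int i = 0, root = make_tree(); i < 4; i++)
        printf("%-14s %s\n", t[i],
               open_beneath(root, t[i], O_RDONLY) < 0 ? strerror(errno) : "ok");
}
```

Because each component is opened relative to the previous directory descriptor with `O_NOFOLLOW`, a path of depth n costs n `openat()` calls, which is the overhead a single kernel-enforced lookup flag would remove.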