svn commit: r308212 - in head/sys: fs/nfsserver kern sys
Conrad Meyer
cem at freebsd.org
Fri Dec 9 20:13:17 UTC 2016
On Wed, Nov 2, 2016 at 5:43 AM, Konstantin Belousov <kib at freebsd.org> wrote:
> Author: kib
> Date: Wed Nov 2 12:43:15 2016
> New Revision: 308212
> URL: https://svnweb.freebsd.org/changeset/base/308212
>
> Log:
> Allow some dotdot lookups in capability mode.
>
> If dotdot lookup does not escape from the file descriptor passed as
> the lookup root, we can allow the component traversal. Track the
> directories traversed, and check the result of dotdot lookup against
> the recorded list of the directory vnodes.
>
> Dotdot lookups are enabled by sysctl vfs.lookup_cap_dotdot, currently
> disabled by default until more verification of the approach is done.
Hi Konstantin,
Are we waiting on a specific reviewer or something else? It would be
very nice to have this enabled by default.
Thanks,
Conrad
More information about the svn-src-all
mailing list