[Bug 269780] O_RESOLVE_BENEATH succeeds on ".." on "/"

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 269780] O_RESOLVE_BENEATH succeeds on ".." on "/""
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 23 Feb 2023 14:24:34 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269780

--- Comment #2 from Dan Gohman <dev@sunfishcode.online> ---
For example, if I have a network file server using O_RESOLVE_BENEATH to ensure
that I'm only serving files within a certain directory, and the directory
contains directories like "bin", "etc", and similar, attackers could tell
whether I'm serving up my actual root directory or just some other directory
that has root-like contents.

If it is my actual root directory, that might help them learn about the version
or configuration of the system the server is running on. It may also reveal
that the server is running FreeBSD, since the Linux with RESOLVE_BENEATH
implementation and the portable-but-slow implementation I have both fail in
this situation.

-- 
You are receiving this mail because:
You are the assignee for the bug.