From 5ddc8ded1dbe650b7d83240a1f86a1eb6e2b9b5a Mon Sep 17 00:00:00 2001 From: Wolfram Schneider Date: Wed, 8 Apr 1998 18:31:59 +0000 Subject: [PATCH] New mount option nosymfollow. If enabled, the kernel lookup() function will not follow symbolic links on the mounted file system and return EACCES (Permission denied). --- sbin/mount/mntopts.h | 4 +++- sbin/mount/mount.8 | 5 ++++- sbin/mount/mount.c | 5 ++++- sbin/mount_ifs/mntopts.h | 4 +++- sbin/mount_ifs/mount.8 | 5 ++++- sbin/mount_ifs/mount.c | 5 ++++- sys/kern/vfs_extattr.c | 8 +++----- sys/kern/vfs_lookup.c | 6 +++++- sys/kern/vfs_syscalls.c | 8 +++----- sys/kern/vfs_vnops.c | 7 ++++++- sys/sys/mount.h | 3 ++- 11 files changed, 41 insertions(+), 19 deletions(-) diff --git a/sbin/mount/mntopts.h b/sbin/mount/mntopts.h index d9402cf4e0ed..e78518a377bb 100644 --- a/sbin/mount/mntopts.h +++ b/sbin/mount/mntopts.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)mntopts.h 8.7 (Berkeley) 3/29/95 - * $Id: mntopts.h,v 1.11 1997/09/27 13:44:08 kato Exp $ + * $Id: mntopts.h,v 1.12 1997/11/13 00:28:48 julian Exp $ */ struct mntopt { @@ -47,6 +47,7 @@ struct mntopt { #define MOPT_NODEV { "dev", 1, MNT_NODEV, 0 } #define MOPT_NOEXEC { "exec", 1, MNT_NOEXEC, 0 } #define MOPT_NOSUID { "suid", 1, MNT_NOSUID, 0 } +#define MOPT_NOSYMFOLLOW { "symfollow", 1, MNT_NOSYMFOLLOW, 0 } #define MOPT_RDONLY { "rdonly", 0, MNT_RDONLY, 0 } #define MOPT_SYNC { "sync", 0, MNT_SYNCHRONOUS, 0 } #define MOPT_UNION { "union", 0, MNT_UNION, 0 } @@ -80,6 +81,7 @@ struct mntopt { MOPT_NOEXEC, \ MOPT_SUIDDIR, /* must be before MOPT_NOSUID */ \ MOPT_NOSUID, \ + MOPT_NOSYMFOLLOW, \ MOPT_RDONLY, \ MOPT_UNION, \ MOPT_NOCLUSTERR, \ diff --git a/sbin/mount/mount.8 b/sbin/mount/mount.8 index c62e21410034..7c9c36e47655 100644 --- a/sbin/mount/mount.8 +++ b/sbin/mount/mount.8 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)mount.8 8.8 (Berkeley) 6/16/94 -.\" $Id: mount.8,v 1.20 1997/11/13 00:28:49 julian Exp $ +.\" $Id: mount.8,v 1.21 1997/12/01 00:44:16 steve Exp $ .\" .Dd June 16, 1994 .Dt MOUNT 8 @@ -146,6 +146,9 @@ Note: this option is worthless if a public available suid or sgid wrapper like .Xr suidperl 1 is installed on your system. +.It nosymfollow +Do not follow symlinks +on the mounted file system. .It rdonly The same as .Fl r ; diff --git a/sbin/mount/mount.c b/sbin/mount/mount.c index be4b75a8e8b0..00fc84263dde 100644 --- a/sbin/mount/mount.c +++ b/sbin/mount/mount.c @@ -42,7 +42,7 @@ static const char copyright[] = static char sccsid[] = "@(#)mount.c 8.25 (Berkeley) 5/8/95"; #else static const char rcsid[] = - "$Id: mount.c,v 1.23 1998/03/08 09:56:02 julian Exp $"; + "$Id: mount.c,v 1.24 1998/03/27 10:52:13 peter Exp $"; #endif #endif /* not lint */ @@ -91,6 +91,7 @@ static struct opt { { MNT_NODEV, "nodev" }, { MNT_NOEXEC, "noexec" }, { MNT_NOSUID, "nosuid" }, + { MNT_NOSYMFOLLOW, "nosymfollow" }, { MNT_QUOTA, "with quotas" }, { MNT_RDONLY, "read-only" }, { MNT_SYNCHRONOUS, "synchronous" }, @@ -607,6 +608,8 @@ putfsent(ent) printf(",noclusterr"); if (ent->f_flags & MNT_NOCLUSTERW) printf(",noclusterw"); + if (ent->f_flags & MNT_NOSYMFOLLOW) + printf (",nosymfollow"); if (ent->f_flags & MNT_SUIDDIR) printf(",suiddir"); diff --git a/sbin/mount_ifs/mntopts.h b/sbin/mount_ifs/mntopts.h index d9402cf4e0ed..e78518a377bb 100644 --- a/sbin/mount_ifs/mntopts.h +++ b/sbin/mount_ifs/mntopts.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)mntopts.h 8.7 (Berkeley) 3/29/95 - * $Id: mntopts.h,v 1.11 1997/09/27 13:44:08 kato Exp $ + * $Id: mntopts.h,v 1.12 1997/11/13 00:28:48 julian Exp $ */ struct mntopt { @@ -47,6 +47,7 @@ struct mntopt { #define MOPT_NODEV { "dev", 1, MNT_NODEV, 0 } #define MOPT_NOEXEC { "exec", 1, MNT_NOEXEC, 0 } #define MOPT_NOSUID { "suid", 1, MNT_NOSUID, 0 } +#define MOPT_NOSYMFOLLOW { "symfollow", 1, MNT_NOSYMFOLLOW, 0 } #define MOPT_RDONLY { "rdonly", 0, MNT_RDONLY, 0 } #define MOPT_SYNC { "sync", 0, MNT_SYNCHRONOUS, 0 } #define MOPT_UNION { "union", 0, MNT_UNION, 0 } @@ -80,6 +81,7 @@ struct mntopt { MOPT_NOEXEC, \ MOPT_SUIDDIR, /* must be before MOPT_NOSUID */ \ MOPT_NOSUID, \ + MOPT_NOSYMFOLLOW, \ MOPT_RDONLY, \ MOPT_UNION, \ MOPT_NOCLUSTERR, \ diff --git a/sbin/mount_ifs/mount.8 b/sbin/mount_ifs/mount.8 index c62e21410034..7c9c36e47655 100644 --- a/sbin/mount_ifs/mount.8 +++ b/sbin/mount_ifs/mount.8 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)mount.8 8.8 (Berkeley) 6/16/94 -.\" $Id: mount.8,v 1.20 1997/11/13 00:28:49 julian Exp $ +.\" $Id: mount.8,v 1.21 1997/12/01 00:44:16 steve Exp $ .\" .Dd June 16, 1994 .Dt MOUNT 8 @@ -146,6 +146,9 @@ Note: this option is worthless if a public available suid or sgid wrapper like .Xr suidperl 1 is installed on your system. +.It nosymfollow +Do not follow symlinks +on the mounted file system. .It rdonly The same as .Fl r ; diff --git a/sbin/mount_ifs/mount.c b/sbin/mount_ifs/mount.c index be4b75a8e8b0..00fc84263dde 100644 --- a/sbin/mount_ifs/mount.c +++ b/sbin/mount_ifs/mount.c @@ -42,7 +42,7 @@ static const char copyright[] = static char sccsid[] = "@(#)mount.c 8.25 (Berkeley) 5/8/95"; #else static const char rcsid[] = - "$Id: mount.c,v 1.23 1998/03/08 09:56:02 julian Exp $"; + "$Id: mount.c,v 1.24 1998/03/27 10:52:13 peter Exp $"; #endif #endif /* not lint */ @@ -91,6 +91,7 @@ static struct opt { { MNT_NODEV, "nodev" }, { MNT_NOEXEC, "noexec" }, { MNT_NOSUID, "nosuid" }, + { MNT_NOSYMFOLLOW, "nosymfollow" }, { MNT_QUOTA, "with quotas" }, { MNT_RDONLY, "read-only" }, { MNT_SYNCHRONOUS, "synchronous" }, @@ -607,6 +608,8 @@ putfsent(ent) printf(",noclusterr"); if (ent->f_flags & MNT_NOCLUSTERW) printf(",noclusterw"); + if (ent->f_flags & MNT_NOSYMFOLLOW) + printf (",nosymfollow"); if (ent->f_flags & MNT_SUIDDIR) printf(",suiddir"); diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c index 281820c40d28..406bd37d4f7c 100644 --- a/sys/kern/vfs_extattr.c +++ b/sys/kern/vfs_extattr.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94 - * $Id: vfs_syscalls.c,v 1.95 1998/03/08 09:57:21 julian Exp $ + * $Id: vfs_syscalls.c,v 1.96 1998/03/29 18:23:44 dyson Exp $ */ /* For 4.3 integer FS ID compatibility */ @@ -265,9 +265,11 @@ mount(p, uap) mp->mnt_kern_flag |= MNTK_WANTRDWR; mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV | MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOATIME | + MNT_NOSYMFOLLOW | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR); mp->mnt_flag |= SCARG(uap, flags) & (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV | MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_FORCE | + MNT_NOSYMFOLLOW | MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR); /* * Mount the filesystem. @@ -1503,8 +1505,6 @@ olstat(p, uap) return (error); vp = nd.ni_vp; error = vn_stat(vp, &sb, p); - if (vp->v_type == VLNK) - sb.st_mode |= S_IFLNK | ACCESSPERMS; /* 0777 */ vput(vp); if (error) return (error); @@ -1606,8 +1606,6 @@ lstat(p, uap) return (error); vp = nd.ni_vp; error = vn_stat(vp, &sb, p); - if (vp->v_type == VLNK) - sb.st_mode |= S_IFLNK | ACCESSPERMS; /* 0777 */ vput(vp); if (error) return (error); diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c index 3d258cc15784..709d8633b51d 100644 --- a/sys/kern/vfs_lookup.c +++ b/sys/kern/vfs_lookup.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)vfs_lookup.c 8.4 (Berkeley) 2/16/94 - * $Id: vfs_lookup.c,v 1.25 1998/02/06 12:13:30 eivind Exp $ + * $Id: vfs_lookup.c,v 1.26 1998/02/15 04:17:07 dyson Exp $ */ #include "opt_ktrace.h" @@ -502,6 +502,10 @@ lookup(ndp) ((cnp->cn_flags & FOLLOW) || trailing_slash || *ndp->ni_next == '/')) { cnp->cn_flags |= ISSYMLINK; + if (dp->v_mount->mnt_flag & MNT_NOSYMFOLLOW) { + error = EACCES; + goto bad2; + } return (0); } diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 281820c40d28..406bd37d4f7c 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94 - * $Id: vfs_syscalls.c,v 1.95 1998/03/08 09:57:21 julian Exp $ + * $Id: vfs_syscalls.c,v 1.96 1998/03/29 18:23:44 dyson Exp $ */ /* For 4.3 integer FS ID compatibility */ @@ -265,9 +265,11 @@ mount(p, uap) mp->mnt_kern_flag |= MNTK_WANTRDWR; mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV | MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOATIME | + MNT_NOSYMFOLLOW | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR); mp->mnt_flag |= SCARG(uap, flags) & (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV | MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_FORCE | + MNT_NOSYMFOLLOW | MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR); /* * Mount the filesystem. @@ -1503,8 +1505,6 @@ olstat(p, uap) return (error); vp = nd.ni_vp; error = vn_stat(vp, &sb, p); - if (vp->v_type == VLNK) - sb.st_mode |= S_IFLNK | ACCESSPERMS; /* 0777 */ vput(vp); if (error) return (error); @@ -1606,8 +1606,6 @@ lstat(p, uap) return (error); vp = nd.ni_vp; error = vn_stat(vp, &sb, p); - if (vp->v_type == VLNK) - sb.st_mode |= S_IFLNK | ACCESSPERMS; /* 0777 */ vput(vp); if (error) return (error); diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index f63c720d90d3..ee9080989e22 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)vfs_vnops.c 8.2 (Berkeley) 1/21/94 - * $Id: vfs_vnops.c,v 1.53 1998/04/06 18:43:28 peter Exp $ + * $Id: vfs_vnops.c,v 1.54 1998/04/06 19:32:37 peter Exp $ */ #include @@ -394,6 +394,11 @@ vn_stat(vp, sb, p) break; case VLNK: mode |= S_IFLNK; + /* This is a cosmetic change, symlinks does not have a mode. */ + if (vp->v_mount->mnt_flag & MNT_NOSYMFOLLOW) + sb->st_mode &= ~ACCESSPERMS; /* 0000 */ + else + sb->st_mode |= ACCESSPERMS; /* 0777 */ break; case VSOCK: mode |= S_IFSOCK; diff --git a/sys/sys/mount.h b/sys/sys/mount.h index db9f634f502d..5258eb1feab2 100644 --- a/sys/sys/mount.h +++ b/sys/sys/mount.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)mount.h 8.21 (Berkeley) 5/20/95 - * $Id: mount.h,v 1.59 1998/03/28 10:33:22 bde Exp $ + * $Id: mount.h,v 1.60 1998/03/28 12:13:01 bde Exp $ */ #ifndef _SYS_MOUNT_H_ @@ -166,6 +166,7 @@ struct mount { #define MNT_ASYNC 0x00000040 /* file system written asynchronously */ #define MNT_SUIDDIR 0x00100000 /* special handling of SUID on dirs */ #define MNT_SOFTDEP 0x00200000 /* soft updates being done */ +#define MNT_NOSYMFOLLOW 0x00400000 /* do not follow symlinks */ #define MNT_NOATIME 0x10000000 /* disable update of file access time */ #define MNT_NOCLUSTERR 0x40000000 /* disable cluster read */ #define MNT_NOCLUSTERW 0x80000000 /* disable cluster write */