New mount option nosymfollow. If enabled, the kernel lookup()

function will not follow symbolic links on the mounted file system and return EACCES (Permission denied).
1998-04-08 18:31:59 +00:00 · 1998-04-08 18:31:59 +00:00 · 5ddc8ded1d
commit 5ddc8ded1d
parent 9d24fe0e45
11 changed files with 41 additions and 19 deletions
--- a/sbin/mount/mntopts.h
+++ b/sbin/mount/mntopts.h
@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)mntopts.h	8.7 (Berkeley) 3/29/95
- *	$Id: mntopts.h,v 1.11 1997/09/27 13:44:08 kato Exp $
+ *	$Id: mntopts.h,v 1.12 1997/11/13 00:28:48 julian Exp $
 */

 struct mntopt {
@ -47,6 +47,7 @@ struct mntopt {
 #define MOPT_NODEV		{ "dev",	1, MNT_NODEV, 0 }
 #define MOPT_NOEXEC		{ "exec",	1, MNT_NOEXEC, 0 }
 #define MOPT_NOSUID		{ "suid",	1, MNT_NOSUID, 0 }
+#define MOPT_NOSYMFOLLOW	{ "symfollow",  1, MNT_NOSYMFOLLOW, 0 }
 #define MOPT_RDONLY		{ "rdonly",	0, MNT_RDONLY, 0 }
 #define MOPT_SYNC		{ "sync",	0, MNT_SYNCHRONOUS, 0 }
 #define MOPT_UNION		{ "union",	0, MNT_UNION, 0 }
@ -80,6 +81,7 @@ struct mntopt {
 	MOPT_NOEXEC,							\
 	MOPT_SUIDDIR,		/* must be before MOPT_NOSUID */	\
 	MOPT_NOSUID,							\
+	MOPT_NOSYMFOLLOW,						\
 	MOPT_RDONLY,							\
 	MOPT_UNION,							\
 	MOPT_NOCLUSTERR,						\
--- a/sbin/mount/mount.8
+++ b/sbin/mount/mount.8
@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)mount.8	8.8 (Berkeley) 6/16/94
-.\"	$Id: mount.8,v 1.20 1997/11/13 00:28:49 julian Exp $
+.\"	$Id: mount.8,v 1.21 1997/12/01 00:44:16 steve Exp $
 .\"
 .Dd June 16, 1994
 .Dt MOUNT 8
@ -146,6 +146,9 @@ Note: this option is worthless if a public available suid or sgid
 wrapper like
 .Xr suidperl 1
 is installed on your system.
+.It nosymfollow
+Do not follow symlinks
+on the mounted file system.
 .It rdonly
 The same as
 .Fl r ;
--- a/sbin/mount/mount.c
+++ b/sbin/mount/mount.c
@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)mount.c	8.25 (Berkeley) 5/8/95";
 #else
 static const char rcsid[] =
-	"$Id: mount.c,v 1.23 1998/03/08 09:56:02 julian Exp $";
+	"$Id: mount.c,v 1.24 1998/03/27 10:52:13 peter Exp $";
 #endif
 #endif /* not lint */

@ -91,6 +91,7 @@ static struct opt {
 	{ MNT_NODEV,		"nodev" },
 	{ MNT_NOEXEC,		"noexec" },
 	{ MNT_NOSUID,		"nosuid" },
+	{ MNT_NOSYMFOLLOW,	"nosymfollow" },
 	{ MNT_QUOTA,		"with quotas" },
 	{ MNT_RDONLY,		"read-only" },
 	{ MNT_SYNCHRONOUS,	"synchronous" },
@ -607,6 +608,8 @@ putfsent(ent)
 		printf(",noclusterr");
 	if (ent->f_flags & MNT_NOCLUSTERW)
 		printf(",noclusterw");
+	if (ent->f_flags & MNT_NOSYMFOLLOW)
+		printf (",nosymfollow");
 	if (ent->f_flags & MNT_SUIDDIR)
 		printf(",suiddir");

--- a/sbin/mount_ifs/mntopts.h
+++ b/sbin/mount_ifs/mntopts.h
@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)mntopts.h	8.7 (Berkeley) 3/29/95
- *	$Id: mntopts.h,v 1.11 1997/09/27 13:44:08 kato Exp $
+ *	$Id: mntopts.h,v 1.12 1997/11/13 00:28:48 julian Exp $
 */

 struct mntopt {
@ -47,6 +47,7 @@ struct mntopt {
 #define MOPT_NODEV		{ "dev",	1, MNT_NODEV, 0 }
 #define MOPT_NOEXEC		{ "exec",	1, MNT_NOEXEC, 0 }
 #define MOPT_NOSUID		{ "suid",	1, MNT_NOSUID, 0 }
+#define MOPT_NOSYMFOLLOW	{ "symfollow",  1, MNT_NOSYMFOLLOW, 0 }
 #define MOPT_RDONLY		{ "rdonly",	0, MNT_RDONLY, 0 }
 #define MOPT_SYNC		{ "sync",	0, MNT_SYNCHRONOUS, 0 }
 #define MOPT_UNION		{ "union",	0, MNT_UNION, 0 }
@ -80,6 +81,7 @@ struct mntopt {
 	MOPT_NOEXEC,							\
 	MOPT_SUIDDIR,		/* must be before MOPT_NOSUID */	\
 	MOPT_NOSUID,							\
+	MOPT_NOSYMFOLLOW,						\
 	MOPT_RDONLY,							\
 	MOPT_UNION,							\
 	MOPT_NOCLUSTERR,						\
--- a/sbin/mount_ifs/mount.8
+++ b/sbin/mount_ifs/mount.8
@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)mount.8	8.8 (Berkeley) 6/16/94
-.\"	$Id: mount.8,v 1.20 1997/11/13 00:28:49 julian Exp $
+.\"	$Id: mount.8,v 1.21 1997/12/01 00:44:16 steve Exp $
 .\"
 .Dd June 16, 1994
 .Dt MOUNT 8
@ -146,6 +146,9 @@ Note: this option is worthless if a public available suid or sgid
 wrapper like
 .Xr suidperl 1
 is installed on your system.
+.It nosymfollow
+Do not follow symlinks
+on the mounted file system.
 .It rdonly
 The same as
 .Fl r ;
--- a/sbin/mount_ifs/mount.c
+++ b/sbin/mount_ifs/mount.c
@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)mount.c	8.25 (Berkeley) 5/8/95";
 #else
 static const char rcsid[] =
-	"$Id: mount.c,v 1.23 1998/03/08 09:56:02 julian Exp $";
+	"$Id: mount.c,v 1.24 1998/03/27 10:52:13 peter Exp $";
 #endif
 #endif /* not lint */

@ -91,6 +91,7 @@ static struct opt {
 	{ MNT_NODEV,		"nodev" },
 	{ MNT_NOEXEC,		"noexec" },
 	{ MNT_NOSUID,		"nosuid" },
+	{ MNT_NOSYMFOLLOW,	"nosymfollow" },
 	{ MNT_QUOTA,		"with quotas" },
 	{ MNT_RDONLY,		"read-only" },
 	{ MNT_SYNCHRONOUS,	"synchronous" },
@ -607,6 +608,8 @@ putfsent(ent)
 		printf(",noclusterr");
 	if (ent->f_flags & MNT_NOCLUSTERW)
 		printf(",noclusterw");
+	if (ent->f_flags & MNT_NOSYMFOLLOW)
+		printf (",nosymfollow");
 	if (ent->f_flags & MNT_SUIDDIR)
 		printf(",suiddir");

--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@ -36,7 +36,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)vfs_syscalls.c	8.13 (Berkeley) 4/15/94
- * $Id: vfs_syscalls.c,v 1.95 1998/03/08 09:57:21 julian Exp $
+ * $Id: vfs_syscalls.c,v 1.96 1998/03/29 18:23:44 dyson Exp $
 */

 /* For 4.3 integer FS ID compatibility */
@ -265,9 +265,11 @@ mount(p, uap)
 		mp->mnt_kern_flag |= MNTK_WANTRDWR;
 	mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
 	    MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOATIME |
+	    MNT_NOSYMFOLLOW |
 	    MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
 	mp->mnt_flag |= SCARG(uap, flags) & (MNT_NOSUID | MNT_NOEXEC |
 	    MNT_NODEV | MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_FORCE |
+	    MNT_NOSYMFOLLOW |
 	    MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
 	/*
 	 * Mount the filesystem.
@ -1503,8 +1505,6 @@ olstat(p, uap)
 		return (error);
 	vp = nd.ni_vp;
 	error = vn_stat(vp, &sb, p);
-	if (vp->v_type == VLNK)
-		sb.st_mode |= S_IFLNK | ACCESSPERMS;	/* 0777 */
 	vput(vp);
 	if (error)
 		return (error);
@ -1606,8 +1606,6 @@ lstat(p, uap)
 		return (error);
 	vp = nd.ni_vp;
 	error = vn_stat(vp, &sb, p);
-	if (vp->v_type == VLNK)
-		sb.st_mode |= S_IFLNK | ACCESSPERMS;	/* 0777 */
 	vput(vp);
 	if (error)
 		return (error);
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@ -36,7 +36,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)vfs_lookup.c	8.4 (Berkeley) 2/16/94
- * $Id: vfs_lookup.c,v 1.25 1998/02/06 12:13:30 eivind Exp $
+ * $Id: vfs_lookup.c,v 1.26 1998/02/15 04:17:07 dyson Exp $
 */

 #include "opt_ktrace.h"
@ -502,6 +502,10 @@ lookup(ndp)
 	    ((cnp->cn_flags & FOLLOW) || trailing_slash ||
 	     *ndp->ni_next == '/')) {
 		cnp->cn_flags |= ISSYMLINK;
+		if (dp->v_mount->mnt_flag & MNT_NOSYMFOLLOW) {
+			error = EACCES;
+			goto bad2;
+		}
 		return (0);
 	}

--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@ -36,7 +36,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)vfs_syscalls.c	8.13 (Berkeley) 4/15/94
- * $Id: vfs_syscalls.c,v 1.95 1998/03/08 09:57:21 julian Exp $
+ * $Id: vfs_syscalls.c,v 1.96 1998/03/29 18:23:44 dyson Exp $
 */

 /* For 4.3 integer FS ID compatibility */
@ -265,9 +265,11 @@ mount(p, uap)
 		mp->mnt_kern_flag |= MNTK_WANTRDWR;
 	mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
 	    MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOATIME |
+	    MNT_NOSYMFOLLOW |
 	    MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
 	mp->mnt_flag |= SCARG(uap, flags) & (MNT_NOSUID | MNT_NOEXEC |
 	    MNT_NODEV | MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_FORCE |
+	    MNT_NOSYMFOLLOW |
 	    MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
 	/*
 	 * Mount the filesystem.
@ -1503,8 +1505,6 @@ olstat(p, uap)
 		return (error);
 	vp = nd.ni_vp;
 	error = vn_stat(vp, &sb, p);
-	if (vp->v_type == VLNK)
-		sb.st_mode |= S_IFLNK | ACCESSPERMS;	/* 0777 */
 	vput(vp);
 	if (error)
 		return (error);
@ -1606,8 +1606,6 @@ lstat(p, uap)
 		return (error);
 	vp = nd.ni_vp;
 	error = vn_stat(vp, &sb, p);
-	if (vp->v_type == VLNK)
-		sb.st_mode |= S_IFLNK | ACCESSPERMS;	/* 0777 */
 	vput(vp);
 	if (error)
 		return (error);
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@ -36,7 +36,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)vfs_vnops.c	8.2 (Berkeley) 1/21/94
- * $Id: vfs_vnops.c,v 1.53 1998/04/06 18:43:28 peter Exp $
+ * $Id: vfs_vnops.c,v 1.54 1998/04/06 19:32:37 peter Exp $
 */

 #include <sys/param.h>
@ -394,6 +394,11 @@ vn_stat(vp, sb, p)
 		break;
 	case VLNK:
 		mode |= S_IFLNK;
+		/* This is a cosmetic change, symlinks does not have a mode. */
+		if (vp->v_mount->mnt_flag & MNT_NOSYMFOLLOW)
+			sb->st_mode &= ~ACCESSPERMS;	/* 0000 */
+		else
+			sb->st_mode |= ACCESSPERMS;	/* 0777 */
 		break;
 	case VSOCK:
 		mode |= S_IFSOCK;
--- a/sys/sys/mount.h
+++ b/sys/sys/mount.h
@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)mount.h	8.21 (Berkeley) 5/20/95
- *	$Id: mount.h,v 1.59 1998/03/28 10:33:22 bde Exp $
+ *	$Id: mount.h,v 1.60 1998/03/28 12:13:01 bde Exp $
 */

 #ifndef _SYS_MOUNT_H_
@ -166,6 +166,7 @@ struct mount {
 #define	MNT_ASYNC	0x00000040	/* file system written asynchronously */
 #define	MNT_SUIDDIR	0x00100000	/* special handling of SUID on dirs */
 #define	MNT_SOFTDEP	0x00200000	/* soft updates being done */
+#define	MNT_NOSYMFOLLOW	0x00400000	/* do not follow symlinks */
 #define	MNT_NOATIME	0x10000000	/* disable update of file access time */
 #define	MNT_NOCLUSTERR	0x40000000	/* disable cluster read */
 #define	MNT_NOCLUSTERW	0x80000000	/* disable cluster write */