Restricting pathname resolution with AT_NO_JUMPS

On April 29, Al Viro posted a patch on the linux-api mailing list adding a new flag, AT_NO_JUMPS, to be used with the family of system calls. The flag confines pathname resolution to the same filesystem and subtree as the starting point given to the call. This is useful for implementing file I/O in programs that accept pathnames as untrusted user input, where a "../" component, an absolute or escaping symlink, or a mount point inside the tree could otherwise redirect the lookup elsewhere. The ensuing discussion made it clear that there were multiple use cases for such a feature, especially if the granularity of its restrictions could be increased.
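To show what the flag is meant to guarantee, here is an added user-space approximation (example code written for this summary, not Viro's patch or kernel code): it walks the path one component at a time from a directory file descriptor, refusing absolute paths, "..", symlinks and mount crossings. The names open_beneath and run_selftest are hypothetical, the temp-dir tree the self-test builds is constructed, and the walk is deliberately stricter than the proposed kernel flag because only the kernel can resolve ".." and symlinks atomically against concurrent renames.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` relative to `dirfd` one component at a time, never leaving dirfd's
 * subtree or filesystem. Stricter than the proposed flag: every ".." and every
 * symlink is refused, since user space cannot safely tell an escaping one apart. */
int open_beneath(int dirfd, const char *path, int flags)
{
    struct stat root, cur;
    char buf[4096], *save, *comp;                 /* 4096 is PATH_MAX on Linux */
    if (path[0] == '/' || strlen(path) >= sizeof buf) { errno = path[0] == '/' ? EXDEV : ENAMETOOLONG; return -1; }
    if (fstat(dirfd, &root) < 0) return -1;
    strcpy(buf, path);
    int fd = dup(dirfd);                          /* private fd: the caller's dirfd is untouched */
    if (fd < 0) return -1;
    for (comp = strtok_r(buf, "/", &save); comp; comp = strtok_r(NULL, "/", &save)) {
        if (strcmp(comp, "..") == 0) { close(fd); errno = EXDEV; return -1; }
        int last = save[strspn(save, "/")] == '\0';   /* nothing but slashes remain after comp */
        int step = last ? flags | O_NOFOLLOW | O_CLOEXEC : O_PATH | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC;
        int nfd = openat(fd, comp, step, 0600);   /* a symlink component fails: ELOOP or ENOTDIR */
        close(fd);
        if (nfd < 0) return -1;
        /* A mount point inside the tree has a different st_dev: refuse to cross it. */
        if (fstat(nfd, &cur) < 0 || cur.st_dev != root.st_dev) { close(nfd); errno = EXDEV; return -1; }
        fd = nfd;
    }
    return fd;                                    /* an empty path yields a dup of dirfd itself */
}

/* Constructed sample tree in a temp dir; returns how many of four outcomes are wrong (0 = OK, -1 = setup failed). */
int run_selftest(void)
{
    char dir[] = "/tmp/beneathXXXXXX";
    int bad = 0, fd, d = mkdtemp(dir) ? open(dir, O_PATH | O_DIRECTORY) : -1;
    if (d < 0) return -1;
    mkdirat(d, "sub", 0700);
    close(openat(d, "sub/data.txt", O_WRONLY | O_CREAT, 0600));
    symlinkat("..", d, "up");                     /* relative symlink that escapes upward */
    symlinkat("/etc/passwd", d, "pw");            /* absolute symlink that escapes */
    if ((fd = open_beneath(d, "sub/data.txt", O_RDONLY)) < 0) bad++; else close(fd);
    if ((fd = open_beneath(d, "sub/../../etc/passwd", O_RDONLY)) >= 0) { bad++; close(fd); }
    if ((fd = open_beneath(d, "up/sub/data.txt", O_RDONLY)) >= 0) { bad++; close(fd); }
    if ((fd = open_beneath(d, "pw", O_RDONLY)) >= 0) { bad++; close(fd); }
    close(d);
    return bad;
}
```

The self-test leaves its temp directory behind so the refused cases can be inspected by hand; a kernel flag would additionally close the rename race that this component-by-component walk cannot.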