[$] Restricting pathname resolution with AT_NO_JUMPS

By corbet On April 29, Al Viro posted a
on the linux-api mailing list adding a new flag to be used in
conjunction with the ...at() family of system calls. The flag is for
containing pathname resolution to the same filesystem and subtree as
the given starting point. This is a useful feature to have for
implementing file I/O in programs that accept pathnames as untrusted user
input. The ensuing discussion made it clear that there were multiple use
cases for such a feature, especially if the granularity of its restrictions
could be increased.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail