summaryrefslogtreecommitdiffstats
path: root/crypto/twofish_common.c
diff options
context:
space:
mode:
authorMiklos Szeredi <mszeredi@redhat.com>2017-12-11 11:28:10 +0100
committerMiklos Szeredi <mszeredi@redhat.com>2017-12-11 11:28:10 +0100
commit438c84c2f0c794f75ab55ce65c505b01bfce4480 (patch)
tree1473170ca270435dc5165c04d6690b7bcd6718bb /crypto/twofish_common.c
parentae64f9bd1d3621b5e60d7363bc20afb46aede215 (diff)
downloadlinux-438c84c2f0c794f75ab55ce65c505b01bfce4480.tar.gz
linux-438c84c2f0c794f75ab55ce65c505b01bfce4480.tar.bz2
linux-438c84c2f0c794f75ab55ce65c505b01bfce4480.zip
ovl: don't follow redirects if redirect_dir=off
Overlayfs is following redirects even when redirects are disabled. If this is unintentional (probably the majority of cases) then this can be a problem. E.g. upper layer comes from untrusted USB drive, and attacker crafts a redirect to enable read access to otherwise unreadable directories. If "redirect_dir=off", then turn off following as well as creation of redirects. If "redirect_dir=follow", then turn on following, but turn off creation of redirects (which is what "redirect_dir=off" does now). This is a backward incompatible change, so make it dependent on a config option. Reported-by: David Howells <dhowells@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to 'crypto/twofish_common.c')
0 files changed, 0 insertions, 0 deletions