linux/Documentation/filesystems
Miklos Szeredi 438c84c2f0 ovl: don't follow redirects if redirect_dir=off
Overlayfs is following redirects even when redirects are disabled. If this
is unintentional (probably the majority of cases) then this can be a
problem.  E.g. upper layer comes from untrusted USB drive, and attacker
crafts a redirect to enable read access to otherwise unreadable
directories.

If "redirect_dir=off", then turn off following as well as creation of
redirects.  If "redirect_dir=follow", then turn on following, but turn off
creation of redirects (which is what "redirect_dir=off" does now).

This is a backward incompatible change, so make it dependent on a config
option.

Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
2017-12-11 11:28:10 +01:00
..
caching fscache: remove unused ->now_uncached callback 2017-09-06 17:27:26 -07:00
cifs CIFS/SMB3: Update documentation to reflect SMB3 and various changes 2017-09-17 10:48:00 -05:00
configfs fs: configfs: don't return anything from drop_link 2016-12-01 10:50:49 +01:00
nfs doc: ReSTify keys-request-key.txt 2017-05-18 10:33:51 -06:00
pohmelfs Documentation: fix common spelling mistakes 2016-04-28 07:51:59 -06:00
9p.txt
00-INDEX logfs: remove from tree 2016-12-14 23:48:11 -05:00
adfs.txt
affs.txt
afs.txt afs: Fix documentation on # vs % prefix in mount source specification 2017-11-13 15:38:19 +00:00
autofs4-mount-control.txt autofs: update ioctl documentation regarding struct autofs_dev_ioctl 2017-02-27 18:43:45 -08:00
autofs4.txt Fix up over-eager 'wait_queue_t' renaming 2017-07-10 11:40:19 -07:00
automount-support.txt Documentation: remove outdated information from automount-support.txt 2015-05-15 01:10:38 -04:00
befs.txt
bfs.txt Tigran has moved 2017-05-12 15:57:15 -07:00
btrfs.txt Documentation: btrfs: remove usage specific information 2016-03-11 17:02:09 +01:00
ceph.txt ceph: set io_pages bdi hint 2017-02-20 12:16:05 +01:00
coda.txt
conf.py docs-rst: convert filesystems book to ReST 2017-05-16 08:44:08 -03:00
cramfs.txt cramfs: rehabilitate it 2017-10-15 00:47:23 -04:00
dax.txt dax: use common 4k zero page for dax mmap reads 2017-09-06 17:27:24 -07:00
debugfs.txt debugfs: Pass bool pointer to debugfs_create_bool() 2015-10-04 11:36:07 +01:00
devpts.txt devpts: Make each mount of devpts an independent filesystem. 2016-06-05 10:36:01 -07:00
directory-locking vfs: remove unused i_op->rename 2016-09-27 11:03:58 +02:00
dlmfs.txt ocfs2: update web page + git tree in documentation 2015-02-28 09:57:50 -08:00
dnotify.txt Documentation: fix selftests related file refs 2017-10-19 12:58:21 -06:00
ecryptfs.txt
efivarfs.txt efi: Make efivarfs entries immutable by default 2016-02-10 16:25:52 +00:00
exofs.txt
ext2.txt fs: Remove ext3 filesystem driver 2015-07-23 20:59:40 +02:00
ext3.txt fs: Remove ext3 filesystem driver 2015-07-23 20:59:40 +02:00
ext4.txt Documentation: fix little inconsistencies 2017-09-26 14:30:48 -06:00
f2fs.txt f2fs: support journalled quota 2017-08-21 15:54:48 -07:00
fiemap.txt fsioctl.c: make generic_block_fiemap() signal-tolerant 2015-02-10 14:30:30 -08:00
files.txt
fscrypt.rst fscrypt: add a documentation file for filesystem-level encryption 2017-10-31 13:49:24 -04:00
fuse.txt
gfs2-glocks.txt gfs2: Remove gl_spin define 2015-10-29 12:57:48 -05:00
gfs2-uevents.txt
gfs2.txt
hfs.txt
hfsplus.txt
hpfs.txt
index.rst fscrypt: add a documentation file for filesystem-level encryption 2017-10-31 13:49:24 -04:00
inotify.txt inotify: update documentation to reflect code changes 2015-02-10 14:30:28 -08:00
isofs.txt
jfs.txt
Locking vfs: add flags to d_real() 2017-09-04 21:42:22 +02:00
locks.txt docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
mandatory-locking.txt
ncpfs.txt
nilfs2.txt nilfs2: move ioctl interface and disk layout to uapi separately 2016-08-02 19:35:21 -04:00
ntfs.txt NTFS: Remove changelog from Documentation/filesystems/ntfs.txt. 2014-10-16 12:43:57 +01:00
ocfs2-online-filecheck.txt Doc: ocfs: Fix typo in filesystems/ocfs2-online-filecheck.txt 2016-07-01 16:17:15 -06:00
ocfs2.txt ocfs2: update web page + git tree in documentation 2015-02-28 09:57:50 -08:00
omfs.txt
orangefs.txt orangefs: documentation clean up 2017-09-14 14:54:39 -04:00
overlayfs.txt ovl: don't follow redirects if redirect_dir=off 2017-12-11 11:28:10 +01:00
path-lookup.md locking/atomics, doc/filesystems: Convert ACCESS_ONCE() references 2017-10-25 11:01:05 +02:00
path-lookup.txt Documentation: add new description of path-name lookup. 2015-11-02 18:18:25 -07:00
porting vfs: grab the lock instead of blocking in __fd_install during resizing 2017-11-05 18:58:07 -05:00
proc.txt proc, coredump: add CoreDumping flag to /proc/pid/status 2017-11-17 16:10:00 -08:00
qnx6.txt Documentation: fix common spelling mistakes 2016-04-28 07:51:59 -06:00
quota.txt scripts/spelling.txt: add "an user" pattern and fix typo instances 2017-02-27 18:43:46 -08:00
ramfs-rootfs-initramfs.txt
relay.txt
romfs.txt
seq_file.txt Documentation: update seq_file 2014-12-29 15:40:18 -07:00
sharedsubtree.txt doc: fix grammar 2016-03-09 15:33:06 -07:00
spufs.txt
squashfs.txt Squashfs: Add LZ4 compression configuration option 2014-11-27 18:48:44 +00:00
sysfs-pci.txt PCI: Add pci_mmap_resource_range() and use it for ARM64 2017-04-20 08:47:47 -05:00
sysfs-tagging.txt sysfs-tagging.txt: fix pre-kernfs references 2015-09-13 14:38:51 -06:00
sysfs.txt driver core: remove DRIVER_ATTR 2017-09-19 09:20:33 +02:00
sysv-fs.txt
tmpfs.txt Documenation: update cgroup's document path 2016-08-03 15:43:58 -06:00
ubifs.txt
udf.txt udf: Remove some outdate references from documentation 2017-10-16 11:55:52 +02:00
ufs.txt
vfat.txt fat: add config option to set UTF-8 mount option by default 2016-03-22 15:36:02 -07:00
vfs.txt Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs 2017-09-13 09:11:44 -07:00
xfs-delayed-logging-design.txt
xfs-self-describing-metadata.txt
xfs.txt xfs: deprecate barrier/nobarrier mount option 2016-12-09 16:49:54 +11:00