On 2018-09-29, Aleksa Sarai <cyphar@cyphar.com> wrote:
> - AT_XDEV: Disallow mount-point crossing (both *down* into one, or *up* from one). The primary "scoping" use is to block resolution that crosses a bind-mount, which has a similar property to a symlink (in the way that it allows for escape from the starting-point). Since it is not possible to differentiate bind-mounts However since bind-mounting requires privileges (in ways symlinks don't) this has been split from LOOKUP_BENEATH. The naming is based on "find -xdev" (though find(1) doesn't walk upwards, the semantics seem obvious).
I've just noticed that the mountpoint-crossing code for AT_XDEV doesn't detect things like:
  % ln -s / /tmp/jumpup
  % vfs_helper -o open -F xdev -d /tmp jumpup
  /
I will fix that in v2.
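
A toy model of the gap reported above, added here as an illustration and not taken from the patch series or from vfs_helper: a path walker that checks for a mount crossing on every component step, with the check on an absolute symlink target's jump to the root made optional. The mount table, the tree, and the names `mount_of`, `resolve` and `check_root_jump` are constructed for this example.

```python
import errno
import posixpath

# Constructed sample tree: "/" and "/tmp" are separate mounts, as in the report.
MOUNTS = {"/", "/tmp"}
SYMLINKS = {"/tmp/jumpup": "/", "/tmp/inner": "sub"}
DIRS = {"/", "/etc", "/tmp", "/tmp/sub"}


def mount_of(path):
    """Return the mountpoint that contains path (longest matching prefix)."""
    best = "/"
    for m in MOUNTS:
        inside = path == m or path.startswith(m.rstrip("/") + "/")
        if inside and len(m) > len(best):
            best = m
    return best


def resolve(start, path, check_root_jump):
    """Walk path from start; raise OSError(EXDEV) on a mount crossing.

    check_root_jump=False models a walker that only checks component steps,
    so an absolute symlink target moves it to "/" unchecked.
    """
    cur = start
    todo = [c for c in path.split("/") if c]
    hops = 0
    while todo:
        comp = todo.pop(0)
        nxt = posixpath.normpath(posixpath.join(cur, comp))  # also handles ".."
        if mount_of(nxt) != mount_of(cur):
            raise OSError(errno.EXDEV, "mount crossing", nxt)
        if nxt in SYMLINKS:
            hops += 1
            if hops > 40:
                raise OSError(errno.ELOOP, "too many symlinks", nxt)
            target = SYMLINKS[nxt]
            if target.startswith("/"):
                if check_root_jump and mount_of("/") != mount_of(cur):
                    raise OSError(errno.EXDEV, "symlink jumps mounts", nxt)
                cur = "/"  # absolute target: the walk restarts at the root
            todo = [c for c in target.split("/") if c] + todo
        elif nxt in DIRS:
            cur = nxt
        else:
            raise OSError(errno.ENOENT, "no such file", nxt)
    return cur
```

With `check_root_jump=False` the model returns `/` for `resolve("/tmp", "jumpup", False)`, matching the output shown in the message; with `True` the same call fails with `EXDEV`.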