Sebastian WickApr 23

Trying to answer a question no sane person ever had to ask: How Hard Is It, To Open a File?

This one is about the great POSIX idea of a filesystem, and why you could not play your games and open chrome for a few days.

https://blog.sebastianwick.net/posts/how-hard-is-it-to-open-a-file/

How Hard Is It To Open a File?

It’s a question I had to ask myself multiple times over the last few months. Depending on the context the answer can be: very simple, just call the standard library function extremely hard, don’t trust anything If you are an app developer, you’re lucky and it’s almost always the first answer. If you develop something with a security boundary which involves files in any way, the correct answer is very likely the second one.

swick's blog
Show threadJames Henstridge

@swick For securely using path based APIs like the old mount syscall, passing "/proc/self/fd/NNN" paths is an option. While they look like symlinks from user space, they're treated specially by the kernel and will resolve to whatever the file descriptor points to race free.

I've used that to do bind mounts between possibly hostile locations after resolving the paths similar to how you describe.

Apr 24 at 3:20amWeb
Show threadSebastian WickApr 24
@jamesh Yup, the magic symlink works for mount. Maybe it wasn't the best example...