Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡΡ Π·Π°ΠΊΠ»ΡΡΠ°Π΅ΡΡΡ Π² Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΠΎΡΡΠΈ ΡΠ΄Π°Π»ΡΠ½Π½ΠΎΠ³ΠΎ Π°ΡΠ°ΠΊΡΡΡΠ΅Π³ΠΎ ΠΏΠΎΠ»ΡΡΠΈΡΡ Π΄ΠΎΡΡΡΠΏ ΠΊ Π΄ΠΈΡΠ΅ΠΊΡΠΎΡΠΈΡΠΌ Π·Π° ΠΏΡΠ΅Π΄Π΅Π»Π°ΠΌΠΈ ΡΠΊΡΠΏΠΎΡΡΠΈΡΡΠ΅ΠΌΠΎΠΉ ΠΏΠΎ NFS, ΡΠ΅ΡΠ΅Π· Π²ΡΠ·ΠΎΠ² READDIRPLUS Π½Π° .. ΠΊΠΎΡΠ½Π΅Π²ΠΎΠ³ΠΎ ΡΠΊΡΠΏΠΎΡΡΠΈΡΡΠ΅ΠΌΠΎΠ³ΠΎ ΠΊΠ°ΡΠ°Π»ΠΎΠ³Π°.
Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡΡ ΠΈΡΠΏΡΠ°Π²Π»Π΅Π½Π° Π² Π²ΡΡΠ΅Π΄ΡΠ΅ΠΌ 23 ΡΠ½Π²Π°ΡΡ ΡΠ΄ΡΠ΅ 5.10.10, Π° ΡΠ°ΠΊ ΠΆΠ΅ Π²ΠΎ Π²ΡΠ΅Ρ ΠΎΡΡΠ°Π»ΡΠ½ΡΡ ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΈΠ²Π°Π΅ΠΌΡΡ Π²Π΅ΡΡΠΈΡΡ ΡΠ΄Π΅Ρ, ΠΎΠ±Π½ΠΎΠ²Π»ΡΠ½Π½ΡΡ Π² ΡΡΠΎΡ Π΄Π΅Π½Ρ:
commit fdcaa4af5e70e2d984c9620a09e9dade067f2620
Author: J. Bruce Fields <[email protected]>
Date: Mon Jan 11 16:01:29 2021 -0500
nfsd4: readdirplus shouldn’t return parent of export
commit 51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 upstream.
If you export a subdirectory of a filesystem, a READDIRPLUS on the root
of that export will return the filehandle of the parent with the ".."
entry.
The filehandle is optional, so let’s just not return the filehandle for
".." if we’re at the root of an export.
Note that once the client learns one filehandle outside of the export,
they can trivially access the rest of the export using further lookups.
However, it is also not very difficult to guess filehandles outside of
the export. So exporting a subdirectory of a filesystem should
considered equivalent to providing access to the entire filesystem. To
avoid confusion, we recommend only exporting entire filesystems.
Reported-by: Youjipeng <[email protected]>
Signed-off-by: J. Bruce Fields <[email protected]>
Cc: [email protected]
Signed-off-by: Chuck Lever <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
ΠΡΡΠΎΡΠ½ΠΈΠΊ: linux.org.ru