Open(2) isn't honoring O_NOFOLLOW

PiperOrigin-RevId: 211644897 Change-Id: I882ed827a477d6c03576463ca5bf2d6351892b90
author: Brian Geffon <bgeffon@google.com> 2018-09-05 09:20:18 -0700
committer: Shentubot <shentubot@google.com> 2018-09-05 09:21:28 -0700
commit: 2b8dae0bc5594f7088dd028268efaedbb5a72507 (patch)
tree: 3ff989754a41396f2938786f8dac20f64c62d426 /pkg/sentry/syscalls/linux
parent: 0a9a40abcda602dc3403e2108e1348bf4e04051a (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index 2cf429f5c..3e28d4b8a 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -136,7 +136,8 @@ func openAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint) (fd u
 		return 0, err
 	}
 
-	err = fileOpOn(t, dirFD, path, true /* resolve */, func(root *fs.Dirent, d *fs.Dirent) error {
+	resolve := flags&linux.O_NOFOLLOW == 0
+	err = fileOpOn(t, dirFD, path, resolve, func(root *fs.Dirent, d *fs.Dirent) error {
 		// First check a few things about the filesystem before trying to get the file
 		// reference.
 		//
@@ -147,6 +148,10 @@ func openAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint) (fd u
 			return err
 		}
 
+		if fs.IsSymlink(d.Inode.StableAttr) && !resolve {
+			return syserror.ELOOP
+		}
+
 		fileFlags := linuxToFlags(flags)
 		// Linux always adds the O_LARGEFILE flag when running in 64-bit mode.
 		fileFlags.LargeFile = true
author	Brian Geffon <bgeffon@google.com>	2018-09-05 09:20:18 -0700
committer	Shentubot <shentubot@google.com>	2018-09-05 09:21:28 -0700
commit	2b8dae0bc5594f7088dd028268efaedbb5a72507 (patch)
tree	3ff989754a41396f2938786f8dac20f64c62d426 /pkg/sentry/syscalls/linux
parent	0a9a40abcda602dc3403e2108e1348bf4e04051a (diff)