Frank Filz has uploaded this change for review.

View Change

Introduce fsal_lookup_path helper

Instead of using FSAL API lookup_path method to accomplish subdir mounts
(and 9P attach), do a path walk in fsal_helper.c using the normal lookup
method. This brings that path walk into common code applicable to all
FSALs and works if mount_path_pseudo is true (in which case the mount
path may not be able to be looked up in the backend). The helper function
checks that each component is not ".." and is a directory. This prevents
security hacking by using ".." to escape the export or using a symlink to
escape the export. It also neatly assures we never allow mounting a single
file. We also allow extra '/' in the path beyond the export root and allow
"." components.

Change-Id: I301a7cf34185fd7f57c73c21a069366d92abd25f
Signed-off-by: Frank S. Filz <ffilzlnx@mindspring.com>
---
M src/FSAL/fsal_helper.c
M src/Protocols/9P/9p_attach.c
M src/Protocols/NFS/mnt_Mnt.c
M src/include/fsal.h
4 files changed, 181 insertions(+), 42 deletions(-)

git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/36/502536/1

To view, visit change 502536. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: I301a7cf34185fd7f57c73c21a069366d92abd25f
Gerrit-Change-Number: 502536
Gerrit-PatchSet: 1
Gerrit-Owner: Frank Filz <ffilzlnx@mindspring.com>
Gerrit-MessageType: newchange