abi-1.h 948 B

123456789101112131415161718192021222324
  1. /* SPDX-License-Identifier: GPL-2.0-only */
  2. /**
  3. * DOC: erratum_3
  4. *
  5. * Erratum 3: Disconnected directory handling
  6. * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. *
  8. * This fix addresses an issue with disconnected directories that occur when a
  9. * directory is moved outside the scope of a bind mount. The change ensures
  10. * that evaluated access rights include both those from the disconnected file
  11. * hierarchy down to its filesystem root and those from the related mount point
  12. * hierarchy. This prevents access right widening through rename or link
  13. * actions.
  14. *
  15. * Impact:
  16. *
  17. * Without this fix, it was possible to widen access rights through rename or
  18. * link actions involving disconnected directories, potentially bypassing
  19. * ``LANDLOCK_ACCESS_FS_REFER`` restrictions. This could allow privilege
  20. * escalation in complex mount scenarios where directories become disconnected
  21. * from their original mount points.
  22. */
  23. LANDLOCK_ERRATUM(3)