From: Al Viro <viro@ftp.linux.org.uk>
To: Matthew Wilcox <matthew@wil.cx>
Cc: Linda Walsh <lkml@tlinx.org>,
Linux-Kernel <linux-kernel@vger.kernel.org>,
linux-fsdevel@vger.kernel.org
Subject: Re: max symlink = 5? ?bug? ?feature deficit?
Date: Sun, 12 Feb 2006 19:48:40 +0000 [thread overview]
Message-ID: <20060212194840.GV27946@ftp.linux.org.uk> (raw)
In-Reply-To: <20060212193637.GI12822@parisc-linux.org>
On Sun, Feb 12, 2006 at 12:36:37PM -0700, Matthew Wilcox wrote:
> On Sun, Feb 12, 2006 at 06:06:01PM +0000, Al Viro wrote:
> > On Fri, Feb 10, 2006 at 07:31:07PM -0800, Linda Walsh wrote:
> > > The maximum number of followed symlinks seems to be set to 5.
> > >
> > > This seems small when compared to other filesystem limits.
> > > Is there some objection to it being raised? Should it be
> > > something like Glib's '20' or '255'?
>
> Just a note (which Al probably considered too obvious to point out), but
> MAX_NESTED_LINKS isn't the maximum number of followed symlinks. It's
> the number of recursions we're limited to. The maximum number of
> symlinks followed is 40 (see fs/namei.c:do_follow_link).
>
> Al, would it be worth making 40 an enumerated constant in the same
> enumeration as MAX_NESTED_LINKS? Something like this:
Umm... Maybe. Note that this 40 is to kill very long iterations in
symlinks that are not too deeply nested, but resolving them would
traverse a lot (symlink can have a _lot_ of components - easily as much
as 2048, which leads to 2^55 lookups with depth limited to 5; since
process is unkillable during lookup and it's easy to do a setup where it
wouldn't block on IO...)
IOW, this limit doesn't come from stack overflow concerns - it's just an
arbitrary cutoff point to stop a DoS. We can easily lift it to e.g.
256 if there's any real need. Or make it sysctl-controlled; whatever...
The real hard limit is on nested symlinks.
next prev parent reply other threads:[~2006-02-12 19:48 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-11 3:31 max symlink = 5? ?bug? ?feature deficit? Linda Walsh
2006-02-12 10:27 ` Jan Engelhardt
2006-02-12 20:46 ` [PATCH] Use one constant to control MAX SYMLINKS in a name Linda Walsh
2006-02-12 21:16 ` Al Viro
2006-02-12 18:06 ` max symlink = 5? ?bug? ?feature deficit? Al Viro
2006-02-12 19:19 ` Dave Jones
2006-02-12 19:36 ` Matthew Wilcox
2006-02-12 19:48 ` Al Viro [this message]
2006-02-12 21:18 ` Linda Walsh
2006-02-12 21:25 ` Al Viro
2006-02-12 22:54 ` Linda Walsh
2006-02-13 0:08 ` Al Viro
2006-02-13 0:54 ` Linda Walsh
2006-02-13 7:37 ` Willy Tarreau
2006-02-13 7:48 ` Arjan van de Ven
2006-02-13 8:03 ` Willy Tarreau
2006-02-13 8:11 ` Al Viro
2006-02-13 14:10 ` Olivier Galibert
2006-02-13 8:20 ` Helge Hafting
-- strict thread matches above, loose matches on Subject: below --
2006-02-12 15:16 linux
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060212194840.GV27946@ftp.linux.org.uk \
--to=viro@ftp.linux.org.uk \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkml@tlinx.org \
--cc=matthew@wil.cx \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.