From: Al Viro <viro@ftp.linux.org.uk>
To: Matthew Wilcox <matthew@wil.cx>
Cc: Linda Walsh <lkml@tlinx.org>,
Linux-Kernel <linux-kernel@vger.kernel.org>,
linux-fsdevel@vger.kernel.org
Subject: Re: max symlink = 5? ?bug? ?feature deficit?
Date: Sun, 12 Feb 2006 19:48:40 +0000 [thread overview]
Message-ID: <20060212194840.GV27946@ftp.linux.org.uk> (raw)
In-Reply-To: <20060212193637.GI12822@parisc-linux.org>
On Sun, Feb 12, 2006 at 12:36:37PM -0700, Matthew Wilcox wrote:
> On Sun, Feb 12, 2006 at 06:06:01PM +0000, Al Viro wrote:
> > On Fri, Feb 10, 2006 at 07:31:07PM -0800, Linda Walsh wrote:
> > > The maximum number of followed symlinks seems to be set to 5.
> > >
> > > This seems small when compared to other filesystem limits.
> > > Is there some objection to it being raised? Should it be
> > > something like Glib's '20' or '255'?
>
> Just a note (which Al probably considered too obvious to point out), but
> MAX_NESTED_LINKS isn't the maximum number of followed symlinks. It's
> the number of recursions we're limited to. The maximum number of
> symlinks followed is 40 (see fs/namei.c:do_follow_link).
>
> Al, would it be worth making 40 an enumerated constant in the same
> enumeration as MAX_NESTED_LINKS? Something like this:
Umm... Maybe. Note that this 40 is to kill very long iterations in
symlinks that are not too deeply nested, but resolving them would
traverse a lot (symlink can have a _lot_ of components - easily as much
as 2048, which leads to 2^55 lookups with depth limited to 5; since
process is unkillable during lookup and it's easy to do a setup where it
wouldn't block on IO...)
IOW, this limit doesn't come from stack overflow concerns - it's just an
arbitrary cutoff point to stop a DoS. We can easily lift it to e.g.
256 if there's any real need. Or make it sysctl-controlled; whatever...
The real hard limit is on nested symlinks.
next prev parent reply other threads:[~2006-02-12 19:48 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <43ED5A7B.7040908@tlinx.org>
2006-02-12 18:06 ` max symlink = 5? ?bug? ?feature deficit? Al Viro
2006-02-12 19:19 ` Dave Jones
2006-02-12 19:36 ` Matthew Wilcox
2006-02-12 19:48 ` Al Viro [this message]
2006-02-12 21:18 ` Linda Walsh
2006-02-12 21:25 ` Al Viro
2006-02-12 22:54 ` Linda Walsh
2006-02-13 0:08 ` Al Viro
2006-02-13 0:54 ` Linda Walsh
2006-02-13 7:37 ` Willy Tarreau
2006-02-13 7:48 ` Arjan van de Ven
2006-02-13 8:03 ` Willy Tarreau
2006-02-13 8:11 ` Al Viro
2006-02-13 14:10 ` Olivier Galibert
2006-02-13 8:20 ` Helge Hafting
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060212194840.GV27946@ftp.linux.org.uk \
--to=viro@ftp.linux.org.uk \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkml@tlinx.org \
--cc=matthew@wil.cx \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).