[LTP] [PATCH v5 4/4] syscalls: lchown03: Merge into lchown02
Cyril Hrubis
chrubis@suse.cz
Wed Sep 10 18:26:13 CEST 2025
Hi!
> > I guess the original code works because the final component is not a link.
>
> Ah, yes, it's not as easy with lchown since the last component must not
> be a link, otherwise the call acts on the link.
>
> And the original code creates a directory that points to itself, i.e.
> longpath/longpath points to ../longpath so each time longpath is
> resolved it just returns back. And with that we can trigger ELOOP by
> stacking enough of these redirections, which is the reason why we
> managed to get that. We would get the same result if we stacked enough
> links, e.g. symlink("a", "b"), symlink("b", "c") ... symlink("y", "z")
> and then trying to resolve "z/file" which may be less confusing than the
> directory pointing to itself magic.
Also quite possibly infinite loop with a file component at the end may
work:
SYMLINK("inifinte1", "infinite2");
SYMLINK("inifinte2", "infinite1");
lchown("infinite1/foo", ...);
Since to locate foo kernel would attempt to resolve infinite1 and
trigger infinite loop.
--
Cyril Hrubis
chrubis@suse.cz
More information about the ltp
mailing list