[LTP] [PATCH v5 4/4] syscalls: lchown03: Merge into lchown02
Ricardo B. Marlière
rbm@suse.com
Thu Sep 11 00:16:34 CEST 2025
On Wed Sep 10, 2025 at 1:26 PM -03, Cyril Hrubis wrote:
> Hi!
>> > I guess the original code works because the final component is not a link.
>>
>> Ah, yes, it's not as easy with lchown since the last component must not
>> be a link, otherwise the call acts on the link.
>>
>> And the original code creates a directory that points to itself, i.e.
>> longpath/longpath points to ../longpath so each time longpath is
>> resolved it just returns back. And with that we can trigger ELOOP by
>> stacking enough of these redirections, which is the reason why we
>> managed to get that. We would get the same result if we stacked enough
>> links, e.g. symlink("a", "b"), symlink("b", "c") ... symlink("y", "z")
>> and then trying to resolve "z/file" which may be less confusing than the
>> directory pointing to itself magic.
>
> Also quite possibly infinite loop with a file component at the end may
> work:
>
> SYMLINK("inifinte1", "infinite2");
> SYMLINK("inifinte2", "infinite1");
> lchown("infinite1/foo", ...);
>
> Since to locate foo kernel would attempt to resolve infinite1 and
> trigger infinite loop.
Indeed! Will send a new revision shortly. Thanks for the suggestion.
More information about the ltp
mailing list