A question about the CVE-2021-30465 blog
Greetings,
Thanks for your blog; it is very useful in helping us understand this vulnerability. But there is a question about your comments mentioned in the blog.
In your comments, does the comment (Even with newer syscalls like openat2() you still need to mount(/proc/self/fd/X, /proc/self/fd/Y) to be race free, not sure how useful having a new mount flag to fail when one of the params is a symlink would be, but this is a huge footgun.) mean that some mount flags will be invalid if using '/proc/self/fd/X' as the parameter in the mount command?
Thanks!
Hello @lizhi16
What I meant is that none of the mount() flags help for this issue; you must always use /proc/self/fd/X.
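
The pattern discussed in this thread, as an added example that is not code from the blog, from runc, or from either poster: pin the mount target as a descriptor, confirm where it really points, then pass mount() only /proc/self/fd/N paths so nothing is re-resolved by name. The function names are hypothetical, and the readlink check is an assumption used here for the pinning step (openat2() could do that resolution instead; the mount step is the same either way).

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <unistd.h>

/* Format the magic-link path that names an already-open descriptor. */
static void procfd_path(int fd, char *buf, size_t len) {
    snprintf(buf, len, "/proc/self/fd/%d", fd);
}

/* Open rel under root with O_PATH, then ask the kernel where the fd really
 * points. Returns the fd, or -1 if it resolved outside root (for example
 * through a symlink swapped into the path). Hypothetical helper. */
int open_inside_root(const char *root, const char *rel) {
    char want[PATH_MAX], joined[PATH_MAX], magic[64], got[PATH_MAX];
    if (!realpath(root, want)) return -1;
    if (snprintf(joined, sizeof joined, "%s/%s", want, rel) >= (int)sizeof joined)
        return -1;
    int fd = open(joined, O_PATH | O_CLOEXEC);
    if (fd < 0) return -1;
    procfd_path(fd, magic, sizeof magic);
    ssize_t n = readlink(magic, got, sizeof got - 1);
    if (n < 0) { close(fd); return -1; }
    got[n] = '\0';
    size_t rl = strlen(want);
    /* Resolved path must be root itself or lie below it. */
    if (rl > 1 && (strncmp(got, want, rl) != 0 || (got[rl] != '/' && got[rl] != '\0'))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Bind-mount using only descriptors: the kernel follows the magic links to
 * the objects pinned by srcfd/dstfd instead of re-walking a path that
 * another process could still be changing. Needs CAP_SYS_ADMIN. */
int bind_mount_fds(int srcfd, int dstfd) {
    char src[64], dst[64];
    procfd_path(srcfd, src, sizeof src);
    procfd_path(dstfd, dst, sizeof dst);
    return mount(src, dst, NULL, MS_BIND, NULL);
}
```

The descriptor returned by open_inside_root() has to stay open until bind_mount_fds() returns; closing it and reopening by name brings the race back.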