Summary
OverlayFs::symlink() at fs/overlay.rs:683-691 has no validate_path() call and no check_write_limits() call. The upper layer is created with FsLimits::unlimited(), so symlinks bypass all configured limits entirely.
Impact — MEDIUM
Unlimited symlink creation despite configured max_file_count limits.
Reproduction
let limits = FsLimits::new().max_file_count(5);
let overlay = OverlayFs::with_limits(lower, limits);
// Creates 6+ symlinks without error despite max_file_count=5
for i in 0..10 {
overlay.symlink(Path::new("/target"), Path::new(&format!("/link{}", i))).await.unwrap();
}Recommended fix
Add validate_path() and check_write_limits() to OverlayFs::symlink(), consistent with other write methods.
Tests
Regression test (currently #[ignore]):
security_audit_overlay_symlink_enforces_limit
Cross-references
Summary
OverlayFs::symlink()atfs/overlay.rs:683-691has novalidate_path()call and nocheck_write_limits()call. The upper layer is created withFsLimits::unlimited(), so symlinks bypass all configured limits entirely.Impact — MEDIUM
Unlimited symlink creation despite configured
max_file_countlimits.Reproduction
Recommended fix
Add
validate_path()andcheck_write_limits()toOverlayFs::symlink(), consistent with other write methods.Tests
Regression test (currently
#[ignore]):security_audit_overlay_symlink_enforces_limitCross-references