Linux 5.10 Adds "nosymfollow" Mount Option Security Defense
FreeBSD has long supported a "nosymfollow" mount option to prevent following of symlinks on mounted file-systems while now the mainline Linux kernel is adding a similar security defense.
Driven by Google's kernel engineers through their work on Chrome OS, the nosymfollow implementation has been upstreamed to the mainline kernel with Linux 5.10. The premise of this feature is that the kernel will not follow symlinks when resolving paths on a file-system mounted with this option. Symlinks can still be created on the mounted file-system and readlink() will still function, so user-space usage of symlinks is not broken, but this generic mount option is intended as a kernel-level defense.
The goal is to help prevent privileged writers from unintentionally modifying files when a path they write to passes through a symlink created with malicious intent. Google outlines this security measure within the Chromium documentation concerning hardening against malicious stateful data and, more specifically, their intention to restrict symlink traversal.
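The failure mode the article describes, a privileged writer being redirected through a symlink planted in untrusted "stateful" data, can be reproduced without root in a temporary directory. The following is an added example, not code from the article, the kernel or Chromium; it uses the per-call O_NOFOLLOW flag on the final path component as a user-space stand-in for what nosymfollow does mount-wide, since actually mounting with `mount -o nosymfollow` needs root and a 5.10+ kernel. The directory layout, file names and the function names `build_layout`, `privileged_write` and `run_demo` are all constructed for this illustration. My understanding (an assumption, not stated by the article) is that the kernel reports ELOOP when nosymfollow blocks a traversal, which is the same errno O_NOFOLLOW yields here.

```python
import errno
import os
import tempfile


def build_layout(dirpath):
    """Constructed sample layout: a file the privileged writer must not clobber,
    and an attacker-controlled 'stateful' directory holding a symlink to it."""
    protected = os.path.join(dirpath, "protected.conf")
    with open(protected, "w") as f:
        f.write("original\n")
    stateful = os.path.join(dirpath, "stateful")
    os.makedirs(stateful, exist_ok=True)
    # Relative symlink planted by the untrusted party: stateful/settings -> ../protected.conf
    os.symlink("../protected.conf", os.path.join(stateful, "settings"))
    return protected


def privileged_write(path, data):
    """Write `data` to `path`, refusing to follow a symlink at the final component.

    Returns the errno name on refusal, or None when the write went through.
    O_NOFOLLOW only guards the last component; nosymfollow guards every component
    of the path on that mount, which is why a mount-wide option is the stronger defense.
    """
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    try:
        os.write(fd, data.encode())
    finally:
        os.close(fd)
    return None


def run_demo():
    """Build the layout, attempt the redirected write, and report what happened."""
    with tempfile.TemporaryDirectory() as d:
        protected = build_layout(d)
        link = os.path.join(d, "stateful", "settings")
        # readlink() keeps working: the symlink itself is intact and inspectable.
        target = os.readlink(link)
        # The privileged write through the symlink is refused instead of hitting protected.conf.
        refusal = privileged_write(link, "attacker-chosen\n")
        with open(protected) as f:
            content = f.read()
        return {"readlink": target, "refusal": refusal, "protected_content": content}


if __name__ == "__main__":
    print(run_demo())
```

Running this shows the three properties the article attributes to nosymfollow: the symlink still exists, readlink() still returns its target, and the write that would have gone through it is refused with ELOOP while the protected file keeps its original content. Note the caveat in the docstring: O_NOFOLLOW is a per-call, final-component check, so intermediate directory symlinks in the path would still be followed; the mount option removes that gap for the whole file-system.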
The nosymfollow mount option for Linux 5.10 was sent in today as part of the VFS misc pile ahead of the 5.10 merge window closure on Sunday.