security: OverlayFs symlink() bypasses all file count limits (TM-DOS-045) #496
Description
Summary
OverlayFs::symlink() at fs/overlay.rs:683-691 has no validate_path() call and no check_write_limits() call. The upper layer is created with FsLimits::unlimited(), so symlinks bypass all configured limits entirely.
Impact — MEDIUM
Unlimited symlink creation despite configured max_file_count limits.
Reproduction
let limits = FsLimits::new().max_file_count(5);
let overlay = OverlayFs::with_limits(lower, limits);
// Creates 6+ symlinks without error despite max_file_count=5
for i in 0..10 {
overlay.symlink(Path::new("/target"), Path::new(&format!("/link{}", i))).await.unwrap();
}Recommended fix
Add validate_path() and check_write_limits() to OverlayFs::symlink(), consistent with other write methods.
Tests
Regression test (currently #[ignore]):
security_audit_overlay_symlink_enforces_limit
Cross-references
- Threat model: TM-DOS-045
- Related: TM-DOS-046 (MountableFs also missing validate_path)
- PR: test(security): deep security audit with regression tests #487