Subject: Re: code to store the path of the executable in struct proc...
To: Jason Thorpe <email@example.com>
From: Christos Zoulas <firstname.lastname@example.org>
Date: 09/27/2007 11:57:05
On Sep 27, 8:31am, email@example.com (Jason Thorpe) wrote:
-- Subject: Re: code to store the path of the executable in struct proc...
| On Sep 27, 2007, at 7:07 AM, Christos Zoulas wrote:
| > OS/X has completely broken the directory security model by directly
| > exposing the inodes of each mount as a filesystem.
| If you're talking about /.vol/... (a.k.a. "volfs")...
| Some aspects of the security issues surrounding volfs were addressed
| some time ago. However, in Leopard, volfs as a file system is
| completely gone, and volfs-style lookups (i.e. "/.vol/volume-id/file-
| id") now work by obtaining the vnode using VFS_VGET(), getting the
| path / a path for the file (using the same mechanism that the
| F_GETPATH fcntl uses), and then doing a normal forward lookup on the
| file, thus completely addressing any issues with the directory
| security model.