Re: $ORIGIN

To: matthew green <mrg%eterna.com.au@localhost>
Subject: Re: $ORIGIN
From: David Laight <david%l8s.co.uk@localhost>
Date: Sun, 26 Jan 2014 11:54:07 +0000

On Sun, Jan 26, 2014 at 06:57:21PM +1100, matthew green wrote:
> 
> > Aren't the majority of exec's done with a pathname?  Why not cache
> > that name if the image has DF_ORIGIN set?
> 
> why do you think this?
> 
> i almost never call something via a pathname, and besides maybe
> build.sh, most builds call "gcc" etc directly.
> 
> infact, the only case i can think of this being the normal case
> is when running build.sh.

It depend on whether the shell does a $PATH lookup or not, and
whether '.' (or any other relative path is in $PATH).

If you type ./foo the kernel will see a relative path.
If you type foo the shell will pass /usr/bin/foo.

The problem with caching the path is that it might contain symlinks
that the user can change - which means that it isn't save to use
$ORIGIN in suid binaries.

Whereas the kernel has vnode of the directory where the file has found,
so should be able to refcount it. An open relative to that vnode is
safe (and fast) even for suid programs.

        David

-- 
David Laight: david%l8s.co.uk@localhost

Follow-Ups:
- Re: $ORIGIN
  - From: David Holland
- Re: $ORIGIN
  - From: Alan Barrett

References:
- Re: $ORIGIN
  - From: Matt Thomas
- re: $ORIGIN
  - From: matthew green

Prev by Date: Re: $ORIGIN
Next by Date: Re: $ORIGIN
Previous by Thread: Re: $ORIGIN
Next by Thread: Re: $ORIGIN
Indexes:

Home | Main Index | Thread Index | Old Index