[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
On Sun, Jan 26, 2014 at 06:57:21PM +1100, matthew green wrote:
> > Aren't the majority of exec's done with a pathname? Why not cache
> > that name if the image has DF_ORIGIN set?
> why do you think this?
> i almost never call something via a pathname, and besides maybe
> build.sh, most builds call "gcc" etc directly.
> infact, the only case i can think of this being the normal case
> is when running build.sh.
It depend on whether the shell does a $PATH lookup or not, and
whether '.' (or any other relative path is in $PATH).
If you type ./foo the kernel will see a relative path.
If you type foo the shell will pass /usr/bin/foo.
The problem with caching the path is that it might contain symlinks
that the user can change - which means that it isn't save to use
$ORIGIN in suid binaries.
Whereas the kernel has vnode of the directory where the file has found,
so should be able to refcount it. An open relative to that vnode is
safe (and fast) even for suid programs.
David Laight: david%l8s.co.uk@localhost
Main Index |
Thread Index |