tech-toolchain archive



On Sun, 26 Jan 2014, David Laight wrote:
The problem with caching the path is that it might contain symlinks that the user can change - which means that it isn't safe to use $ORIGIN in suid binaries.

You can fix that by keeping a reference to the vnode of the directory, instead of keeping a string representation of the directory name.

Whereas the kernel has the vnode of the directory where the file was found, so should be able to refcount it. An open relative to that vnode is safe (and fast) even for suid programs.


--apb (Alan Barrett)
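
The difference between a cached directory name and a held directory reference, as an added example that is not part of the original thread: a userland analogue in which an open directory file descriptor used with openat(2) stands in for the kernel's vnode reference. The temporary directory layout and the names `real`, `other`, `origin` and `lib` are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create file `name` under dirfd holding the single byte c; 0 on success. */
static int put(int dirfd, const char *name, char c) {
    int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, &c, 1);
    close(fd);
    return n == 1 ? 0 : -1;
}

/* First byte of `name` resolved relative to dirfd, or -1 on error. */
static int first_byte(int dirfd, const char *name) {
    char c;
    int fd = openat(dirfd, name, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, &c, 1);
    close(fd);
    return n == 1 ? (unsigned char)c : -1;
}

/* Returns 0 on success; *by_name and *by_ref receive the byte each lookup saw.
   Error paths return early without cleanup to keep the demo short. */
int origin_demo(int *by_name, int *by_ref) {
    char tmpl[] = "/tmp/origin-demo-XXXXXX";          /* constructed sandbox */
    if (!mkdtemp(tmpl)) return -1;
    int base = open(tmpl, O_RDONLY | O_DIRECTORY);
    if (base < 0) return -1;
    if (mkdirat(base, "real", 0700) || mkdirat(base, "other", 0700)) return -1;
    if (put(base, "real/lib", 'R') || put(base, "other/lib", 'O')) return -1;
    if (symlinkat("real", base, "origin")) return -1; /* origin -> real */
    /* Hold the directory itself, as the kernel would hold a vnode reference. */
    int held = openat(base, "origin", O_RDONLY | O_DIRECTORY);
    if (held < 0) return -1;
    /* The symlink inside the cached name is changed after the lookup. */
    if (unlinkat(base, "origin", 0) || symlinkat("other", base, "origin")) return -1;
    *by_name = first_byte(base, "origin/lib"); /* name is resolved again */
    *by_ref  = first_byte(held, "lib");        /* relative to held directory */
    unlinkat(base, "real/lib", 0); unlinkat(base, "other/lib", 0);
    unlinkat(base, "origin", 0);
    unlinkat(base, "real", AT_REMOVEDIR); unlinkat(base, "other", AT_REMOVEDIR);
    close(held); close(base); rmdir(tmpl);
    return 0;
}
```

The lookup by name follows the changed symlink into `other`, while the lookup relative to the held descriptor still reads from the directory that was originally resolved.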
