Subject: Re: code to store the path of the executable in struct proc...
To: Jason Thorpe <thorpej@shagadelic.org>
From: Christos Zoulas <christos@zoulas.com>
List: tech-kern
Date: 09/27/2007 11:57:05
On Sep 27, 8:31am, thorpej@shagadelic.org (Jason Thorpe) wrote:
-- Subject: Re: code to store the path of the executable in struct proc...
|
| On Sep 27, 2007, at 7:07 AM, Christos Zoulas wrote:
|
| > OS/X has completely broken the directory security model by directly
| > exposing the inodes of each mount as a filesystem.
|
| If you're talking about /.vol/... (a.k.a. "volfs")...
|
| Some aspects of the security issues surrounding volfs were addressed
| some time ago. However, in Leopard, volfs as a file system is
| completely gone, and volfs-style lookups (i.e. "/.vol/volume-id/file-id")
| now work by obtaining the vnode using VFS_VGET(), getting the
| path / a path for the file (using the same mechanism that the
| F_GETPATH fcntl uses), and then doing a normal forward lookup on the
| file, thus completely addressing any issues with the directory
| security model.
Thank god!
christos
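
Added example, not part of the original thread and not XNU or NetBSD code: a user-space toy model of why opening a file directly by id skips the search-permission checks on its parent directories, and why turning the id into a path and doing a normal forward lookup restores them. The tree, uids, modes and all function names are constructed for illustration; only owner and "other" permission bits are modelled.

```c
#include <stdio.h>
#include <string.h>
/* Constructed toy tree: node 0 is "/"; mode uses owner and other bits only. */
struct node { int parent; const char *name; int owner; int mode; };
static const struct node fs[] = {
    { -1, "",        0, 0755 },  /* 0: /                          */
    {  0, "private", 1, 0700 },  /* 1: /private (owner-only dir)  */
    {  1, "notes",   1, 0644 },  /* 2: /private/notes             */
    {  0, "motd",    0, 0644 },  /* 3: /motd                      */
};
enum { NNODES = sizeof(fs) / sizeof(fs[0]) };
static int allowed(int uid, int id, int bit) {
    return (fs[id].mode >> (uid == fs[id].owner ? 6 : 0)) & bit;
}

/* Model of direct by-id access: only the file's own mode is consulted. */
int open_by_id_direct(int uid, int id) {
    return (id >= 0 && id < NNODES && allowed(uid, id, 4)) ? 0 : -1;
}

/* Forward lookup: search permission is checked on every directory crossed. */
int open_by_path(int uid, const char *path) {
    char copy[256];
    int cur = 0, i;
    snprintf(copy, sizeof(copy), "%s", path);
    for (char *c = strtok(copy, "/"); c != NULL; c = strtok(NULL, "/")) {
        if (!allowed(uid, cur, 1)) return -1;           /* no search bit */
        for (i = 0; i < NNODES; i++)
            if (fs[i].parent == cur && strcmp(fs[i].name, c) == 0) break;
        if (i == NNODES) return -1;                      /* no such name */
        cur = i;
    }
    return allowed(uid, cur, 4) ? 0 : -1;
}

/* By-id access as: id -> path (via parent links) -> ordinary forward lookup. */
int open_by_id_forward(int uid, int id) {
    char path[256] = "", tmp[256];
    if (id < 0 || id >= NNODES) return -1;
    for (; id > 0; id = fs[id].parent) {
        snprintf(tmp, sizeof(tmp), "/%s%s", fs[id].name, path);
        strcpy(path, tmp);
    }
    return open_by_path(uid, path);
}

int main(void) {
    printf("uid 2, node 2: direct=%d forward=%d\n",
           open_by_id_direct(2, 2), open_by_id_forward(2, 2));
    return 0;
}
```

In this model uid 2 can read /private/notes by id through the direct path even though /private is mode 0700, while the forward-lookup variant refuses it at the directory.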