tech-kern archive


Re: namei and path canonicalization
On Tue, Nov 07, 2017 at 10:30:38PM -0500, Christos Zoulas wrote:
 > On Nov 8,  3:12am, dholland-tech%netbsd.org@localhost (David Holland) wrote:
 > -- Subject: Re: namei and path canonicalization
 > 
 > | On Tue, Nov 07, 2017 at 11:11:16PM +0000, Christos Zoulas wrote:
 > |  > In article <20171107222924.GE17761%netbsd.org@localhost>,
 > |  > David Holland  <dholland-tech%netbsd.org@localhost> wrote:
 > |  > >
 > |  > >Also it occurs to me that there's no reason for the kernel to do the
 > |  > >getcwd call; it should just provide the argument given to exec in all
 > |  > >cases, and ld.so can do the getcwd call itself if necessary (if the
 > |  > >string it finds doesn't begin with '/') when/if something uses
 > |  > >$ORIGIN.
 > |  > 
 > |  > The kernel does not need to do the getcwd() call, but someone (rtld) will
 > |  > eventually do it for $ORIGIN, either lazily or always.
 > | 
 > | Right -- hopefully it can be done lazily, i.e. often not at all.
 > | 
 > |  > As for killing $ORIGIN for setuid programs, this is already in the ELF
 > |  > specification:
 > | 
 > | Sure, but shouldn't we also not pass AT_SUN_EXECNAME for setugid programs?
 > 
 > I am not sure if we go that far; this information is not used...

We don't, at least as of your changes this afternoon which always set
it... I'm wondering if we should though. Any setugid program that uses
that value is presumptively doing something dangerous, and it's not
clear that there's anything non-dangerous that *can* be done with it.

-- 
David A. Holland
dholland%netbsd.org@localhost
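The two rules argued for above, expand $ORIGIN lazily (only prepend the current directory when the exec-time name is relative, and only when something actually uses $ORIGIN) and give set-id processes no $ORIGIN at all, are small enough to show in code. The following is an added illustration written for this archive page; it is not code from the thread or from NetBSD's rtld. The name `resolve_origin`, the status codes and the `setugid` parameter are this example's own constructions, and the exec name would in practice come from the AT_SUN_EXECNAME aux vector entry the thread mentions rather than from `argv[0]` as the demo `main` does. Note that the result is deliberately not canonicalized (`.`/`..` and symlinks are left as supplied), which is the separate problem the thread's subject line refers to.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define ORIGIN_BUFSZ 1024   /* working buffer size for this example */

/* Result codes for resolve_origin() (constructed for this example). */
enum origin_status {
    ORIGIN_OK = 0,        /* out holds the directory of the executable */
    ORIGIN_REFUSED = 1,   /* set-id process: $ORIGIN is not provided */
    ORIGIN_TOOLONG = 2,   /* result does not fit in out */
    ORIGIN_BADINPUT = 3   /* empty exec name, or relative name with no cwd */
};

/*
 * Compute the directory $ORIGIN would expand to for an executable whose
 * exec-time name is 'execname'.  If the name is relative, 'cwd' (the
 * caller's current directory, obtained lazily by the caller) is prepended.
 * A set-id process gets ORIGIN_REFUSED regardless of the other inputs.
 * The path is NOT canonicalized: "./foo" under /home/x yields "/home/x/.".
 */
enum origin_status
resolve_origin(const char *execname, const char *cwd, int setugid,
               char *out, size_t outlen)
{
    char buf[ORIGIN_BUFSZ];
    int n;

    if (setugid)
        return ORIGIN_REFUSED;
    if (execname == NULL || execname[0] == '\0')
        return ORIGIN_BADINPUT;

    if (execname[0] == '/') {
        /* Absolute: the kernel-supplied string is usable as-is. */
        n = snprintf(buf, sizeof buf, "%s", execname);
    } else {
        /* Relative: this is the only case that needs the cwd. */
        if (cwd == NULL || cwd[0] != '/')
            return ORIGIN_BADINPUT;
        const char *sep = (cwd[strlen(cwd) - 1] == '/') ? "" : "/";
        n = snprintf(buf, sizeof buf, "%s%s%s", cwd, sep, execname);
    }
    if (n < 0 || (size_t)n >= sizeof buf)
        return ORIGIN_TOOLONG;

    /* Drop the final component, leaving the executable's directory. */
    char *slash = strrchr(buf, '/');
    if (slash == buf)
        slash[1] = '\0';      /* executable lives directly under "/" */
    else
        *slash = '\0';

    if (strlen(buf) + 1 > outlen)
        return ORIGIN_TOOLONG;
    memcpy(out, buf, strlen(buf) + 1);
    return ORIGIN_OK;
}

/*
 * Convenience wrapper: returns a pointer to a static buffer holding the
 * $ORIGIN directory, or NULL when no usable $ORIGIN exists.
 */
const char *
origin_or_null(const char *execname, const char *cwd, int setugid)
{
    static char out[ORIGIN_BUFSZ];
    if (resolve_origin(execname, cwd, setugid, out, sizeof out) != ORIGIN_OK)
        return NULL;
    return out;
}

int
main(int argc, char **argv)
{
    char cwd[ORIGIN_BUFSZ];
    /* Portable approximation of "is this process set-id" for the demo. */
    int setugid = (getuid() != geteuid()) || (getgid() != getegid());
    const char *name = (argc > 0) ? argv[0] : "";

    /* getcwd() is only called here because the demo resolves eagerly;
     * a loader would defer it until a $ORIGIN substitution is requested. */
    if (getcwd(cwd, sizeof cwd) == NULL)
        return 1;
    const char *origin = origin_or_null(name, cwd, setugid);
    printf("$ORIGIN for %s: %s\n", name, origin ? origin : "(none)");
    return 0;
}
```

Feeding the set-id flag in as a parameter rather than reading it inside `resolve_origin` keeps the policy decision testable and mirrors the thread's point: the refusal is a property of the process, not of the path string.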