bug-gnulib

Re: RE : Re: openat-proc


From: Eric Blake
Subject: Re: RE : Re: openat-proc
Date: Mon, 09 May 2011 13:10:37 -0600
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110428 Fedora/3.1.10-1.fc14 Lightning/1.0b3pre Mnenhy/0.8.3 Thunderbird/3.1.10

On 05/09/2011 12:06 PM, Bastien ROUCARIES wrote:
> Sorry for top post (android)
> 
> Proposed algo:
> Ofd=open(/proc,o_search)
> follow link /proc/self/fd/ofd/../proc
> If bug will resolve to
> /proc/self/fd/proc that does not exist
> If not bug succeed (because we have already opened /proc)

I still don't see quite what you are proposing, but you have made me
re-read the openat-proc.c code and I think we definitely have a bug there.

Existing behavior is that there are two types of /proc:

Solaris and Cygwin - buggy, because /proc/self/fd/dir/.. resolves to
/proc/self/fd rather than to the parent directory of dir.

Linux - resolves to the desired parent directory of dir.

Then again, it looks like you have found a real bug in openat-proc.c.
Rather than comparing the inodes of '/proc/self/fd' and
'/proc/self/fd/dir/..', it is comparing the inodes of '/proc/self' and
'/proc/self/fd/..'.  On both Solaris and Cygwin, this comparison
succeeds rather than fails, so it is not filtering out the buggy
platforms as desired.

There's another aspect to that file - right now, it is doing
open("/proc/self/fd",O_SEARCH) to determine if /proc is even mounted.
But that step can be strictly skipped if we merely rely on comparing the
two stat() calls to detect whether the '..' bug is present.

-- 
Eric Blake   address@hidden    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
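
The comparison described in the message above, as an added example that is not part of the original post and is not gnulib's openat-proc.c: it stats '/proc/self/fd' and '/proc/self/fd/N/..' and treats matching inodes as the '..' bug, with no separate open of /proc/self/fd to test whether /proc is mounted. The names `proc_dotdot`, `classify` and `probe_proc_dotdot` are hypothetical, and O_RDONLY stands in for O_SEARCH as an assumption.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names for this example; not gnulib identifiers. */
enum proc_dotdot { PROC_UNUSABLE = -1, PROC_DOTDOT_BUGGY = 0, PROC_DOTDOT_OK = 1 };

/* Buggy platforms resolve /proc/self/fd/N/.. to /proc/self/fd itself, so
   identical device and inode numbers mean the '..' bug is present. */
static enum proc_dotdot classify(const struct stat *fd_dir,
                                 const struct stat *via_dotdot)
{
    int same = fd_dir->st_dev == via_dotdot->st_dev
               && fd_dir->st_ino == via_dotdot->st_ino;
    return same ? PROC_DOTDOT_BUGGY : PROC_DOTDOT_OK;
}

/* DIR must be an existing directory that is not under /proc/self/fd. */
static enum proc_dotdot probe_proc_dotdot(const char *dir)
{
    struct stat fd_dir, via_dotdot;
    char path[64];
    enum proc_dotdot result = PROC_UNUSABLE;
    int fd;

    /* A failing stat() already covers "/proc is not mounted". */
    if (stat("/proc/self/fd", &fd_dir) != 0)
        return PROC_UNUSABLE;

    /* Assumption: O_RDONLY instead of O_SEARCH, which many systems lack. */
    fd = open(dir, O_RDONLY);
    if (fd < 0)
        return PROC_UNUSABLE;

    snprintf(path, sizeof path, "/proc/self/fd/%d/..", fd);
    if (stat(path, &via_dotdot) == 0)
        result = classify(&fd_dir, &via_dotdot);
    close(fd);
    return result;
}

int main(void)
{
    static const char *const label[] = { "unusable", "buggy '..'", "ok" };
    printf("/proc/self/fd/N/..: %s\n", label[probe_proc_dotdot("/") + 1]);
    return 0;
}
```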
