Re: RE : Re: openat-proc

From: Eric Blake
Subject: Re: RE : Re: openat-proc
Date: Mon, 09 May 2011 13:10:37 -0600
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20110428 Fedora/3.1.10-1.fc14 Lightning/1.0b3pre Mnenhy/0.8.3 Thunderbird/3.1.10

On 05/09/2011 12:06 PM, Bastien ROUCARIES wrote:
> Sorry for top post (android)
> Proposed algo:
> Ofd=open(/proc,o_search)
> follow link /proc/self/fd/ofd/../proc
> If bug will resolve to
> /proc/self/fd/proc that does not exist
> If not bug succeed (because we have already opened /proc)

I still don't see quite what you are proposing, but you have made me
re-read the openat-proc.c code and I think we definitely have a bug there.

Existing behavior is that there are two types of /proc:

Solaris and Cygwin - buggy, because /proc/self/fd/dir/.. resolves to
/proc/self/fd rather than to the parent directory of dir.

Linux - resolves to the desired parent directory of dir.

Then again, it looks like you have found a real bug in openat-proc.c.
Rather than comparing the inodes of '/proc/self/fd' and
'/proc/self/fd/dir/..', it is comparing the inodes of '/proc/self' and
'/proc/self/fd/..'.  On both Solaris and Cygwin, this comparison
succeeds rather than fails, so it is not filtering out the buggy
platforms as desired.

There's another aspect to that file - right now, it is doing
open("/proc/self/fd",O_SEARCH) to determine if /proc is even mounted.
But that step can be strictly skipped if we merely rely on comparing the
two stat() calls to detect whether the '..' bug is present.

Eric Blake   address@hidden    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
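
The comparison described in the message above, written as a stand-alone probe. This is an added example, not the code of openat-proc.c; the names `probe_proc_fd`, `same_inode` and `proc_fd_status` are hypothetical. It compares the inodes of '/proc/self/fd' and '/proc/self/fd/dir/..', and treats a failed stat() as "/proc not usable", so no separate open of /proc/self/fd is needed.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum proc_fd_status { PROC_FD_USABLE, PROC_FD_DOTDOT_BUG, PROC_FD_UNAVAILABLE };

/* Two stat results name the same file when device and inode both match. */
static int same_inode(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* dir: any existing directory outside /proc (assumption of this sketch). */
enum proc_fd_status probe_proc_fd(const char *dir)
{
    struct stat self, fd_dir, via_dotdot;
    char path[64];
    enum proc_fd_status result = PROC_FD_UNAVAILABLE;

    int dfd = open(dir, O_RDONLY);
    if (dfd < 0)
        return PROC_FD_UNAVAILABLE;

    /* On a buggy /proc this path collapses to /proc/self/fd itself;
       on a correct one it is the parent directory of dir. */
    snprintf(path, sizeof path, "/proc/self/fd/%d/..", dfd);
    if (fstat(dfd, &self) == 0 && S_ISDIR(self.st_mode)
        && stat("/proc/self/fd", &fd_dir) == 0  /* fails if /proc is not mounted */
        && stat(path, &via_dotdot) == 0)
        result = same_inode(&fd_dir, &via_dotdot) ? PROC_FD_DOTDOT_BUG
                                                  : PROC_FD_USABLE;

    close(dfd);
    return result;
}

int main(void)
{
    static const char *const names[] = { "usable", "'..' bug present", "unavailable" };
    printf("/proc/self/fd: %s\n", names[probe_proc_fd("/")]);
    return 0;
}
```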
