Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 7 Feb 2015 11:04:57 -0500
From: Rich Felker <>
Subject: Re: realpath() and setfsuid programs

On Sat, Feb 07, 2015 at 04:28:29PM +0200, Timo Teras wrote:
> > > Why is the check not simply an ownership check for the mount point?
> > > I suspect it has to do with the need to pass a pathname rather than
> > > fd to mount, which is subject to renaming/moving races, but the
> > > realpath call would be subject to the same and worse. Presumably
> > > the correct way to do this is to open a fd to the mountpoint then
> > > pass /proc/self/fd/%d to the mount function after checking
> > > ownership.
> > 
> > Or of course just using chdir and checking ownership of ".".
> Agreed. In this case fuse seems to be the place needing fix. Dropping
> privileges just for realpath() does not sound like the right approach.
> Though, I'm wondering if the issue showing up in other places -- that
> is realpath() failing if fs uid is set to something that cannot
> read /proc/self/fd/...

realpath can fail for various reasons, like lacking permissions to a
path component, fd exhaustion or other resource issues, etc. so I
don't think it's a big deal for it to fail when /proc/self/fd/%d is
not accessible. It's not a robust operation to begin with.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.