Date: Sat, 7 Feb 2015 11:04:57 -0500 From: Rich Felker <dalias@...c.org> To: musl@...ts.openwall.com Subject: Re: realpath() and setfsuid programs On Sat, Feb 07, 2015 at 04:28:29PM +0200, Timo Teras wrote: > > > Why is the check not simply an ownership check for the mount point? > > > I suspect it has to do with the need to pass a pathname rather than > > > fd to mount, which is subject to renaming/moving races, but the > > > realpath call would be subject to the same and worse. Presumably > > > the correct way to do this is to open a fd to the mountpoint then > > > pass /proc/self/fd/%d to the mount function after checking > > > ownership. > > > > Or of course just using chdir and checking ownership of ".". > > Agreed. In this case fuse seems to be the place needing fix. Dropping > privileges just for realpath() does not sound like the right approach. > > Though, I'm wondering if the issue showing up in other places -- that > is realpath() failing if fs uid is set to something that cannot > read /proc/self/fd/... realpath can fail for various reasons, like lacking permissions to a path component, fd exhaustion or other resource issues, etc. so I don't think it's a big deal for it to fail when /proc/self/fd/%d is not accessible. It's not a robust operation to begin with. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.