Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: 07 Jun 2003 01:32:33 -0400
From: stanislav shalunov <shalunov@...ernet2.edu>
To: Solar Designer <solar@...nwall.com>
Cc: owl-users@...ts.openwall.com
Subject: Re: stmpclean problem

Solar Designer <solar@...nwall.com> writes:

> Currently, the chdir("/") is also done to ensure logging uses absolute
> pathnames.  This means that you will need to do realpath(3) or an
> equivalent on any relative pathnames for logging, right?

Right.  So I wanted to avoid that rathole by requiring absolute
pathnames on the command line (realpath() should work fine on Linux,
but, being a nonstandard---even if widely available function---might
not be there on other systems; besides the CAVEATS section of its man
page on FreeBSD mentions that Solaris realpath() `will, under certain
circumstances, return a relative resolved_path when given a relative
pathname').

The current behavior of silently treating relative paths as relative
to `/' clearly violates the Principle Of Least Astonishment.  It
should not be violated by bailing on relative pathnames and should not
inconvenience users too much.

> [permissions=1777 check] may be a good idea, but it will break valid
> uses, including even the default use on Owl:

OK, you convinced me that it might not be a good idea after all.
Clearing man catfiles (and, I now notice, teTeX METAFONT-generated pk
fonts) requires stmpclean-like functionality, so it makes sense to
make sure stmpclean can do that job.

How about I check for `/' as the first char of the pathname from the
command line and refuse to run if it's not there?

-- 
Stanislav Shalunov		http://www.internet2.edu/~shalunov/

This message is designed to be viewed upside down.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.