On 05/09/2011 12:06 PM, Bastien ROUCARIES wrote: > Sorry for top post (android) > > Proposed algo: > Ofd=open(/proc,o_search) > follow link /proc/self/fd/ofd/../proc > If bug will resolve to > /proc/self/fd/proc that does not exist > If not bug suceed (because we have already opened /proc
I still don't see quite what you are proposing, but you have made me
re-read the openat-proc.c code and I think we definitely have a bug there.
Existing behavior is that there are two types of /proc:
Solaris and Cygwin - buggy, because /proc/self/fd/dir/.. resolves to
/proc/self/fd rather than to the parent directory of dir.
Linux - resolves to the desired parent directory of dir.
Then again, it looks like you have found a real bug in openat-proc.c.
Rather than comparing the inodes of '/proc/self/fd' and
'/proc/self/fd/dir/..', it is comparing the inodes of '/proc/self' and
'/proc/self/fd/..'. On both Solaris and Cygwin, this comparison
succeeds rather than fails, so it is not filtering out the buggy
platforms as desired.
There's another aspect to that file - right now, it is doing
open("/proc/self/fd",O_SEARCH) to determine if /proc is even mounted.
But that step can be strictly skipped if we merely rely on comparing the
two stat() calls to detect whether the '..' bug is present.
--
Eric Blake ebl...@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
