Commit message | Author | Age | Files | Lines
* Makefile (DIAG_FLAGS): Sanitize for memory misuse and
undefined behavior.
* safepath.[ch]: New function, safepath_strerr.
* testsp.c (main): Use new function to print message,
rather than integer code.
We don't want to behave like the access function, which is
intended for use in setuid programs to determine what the
original user can access.
The purpose of safepath_check is to check whether the
filesystem can harm the caller. For that, the effective
identity that is being wielded should be used.
A setuid executable might have a real user ID bob,
but effective root. Root does not trust bob; root
doesn't want to follow a symlink controlled by bob.
* safepath.c (safe_group, tamper_proof): Replace getuid
calls with geteuid.
* README.md: Updated text.
* safepath.c (tamper_proof, safepath_check): Reword outdated
comments.