| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Map safepath errors to strings. | Kaz Kylheku | 2022-07-23 | 1 | -0/+21 |
| | | | | | | | | * safepath.[ch]: New function, safepath_strerr. * testsp.c (main): Use new function to print message, rather than integer code. | ||||
| * | Check using effective UID, not real. | Kaz Kylheku | 2022-07-23 | 1 | -3/+3 |
| | | | | | | | | | | | | | | | | | | | | We don't want to behave like the access function, which is intended for use in setuid programs to determine what the original user can access. The purpose of safepath_check is to check whether the filesystem can harm the caller. For that, the effective identity that is being wielded should be used. A setuid executable might have a real user ID bob, but effective root. Root does not trust bob; root doesn't want to follow a symlink controlled by bob. * safepath.c (safe_group, tamper_proof): Replace getuid calls with geteuid. * README.md: Updated text. | ||||
| * | Fix some inaccurate comments. | Kaz Kylheku | 2022-07-23 | 1 | -11/+10 |
| | | | | | | * safepath.c (tamper_proof, safepath_check): Reword outdated comments. | ||||
| * | safepath: new project. | Kaz Kylheku | 2022-07-22 | 1 | -0/+384 |
 |
index : safepath | |
| Library for Validating Filesystem Path Safety | kaz@kylheku.com |
| aboutsummaryrefslogtreecommitdiffstats |
path: root/safepath.c