[systemd-devel] [PATCH] util: do not execute files without exec permission

Lennart Poettering lennart at poettering.net
Mon Aug 18 12:10:02 PDT 2014


On Mon, 18.08.14 20:47, Ronny Chevalier (chevalier.ronny at gmail.com) wrote:

> 
> 2014-08-18 15:51 GMT+02:00 Lennart Poettering <lennart at poettering.net>:
> > On Sat, 16.08.14 14:24, Ronny Chevalier (chevalier.ronny at gmail.com) wrote:
> >
> > What's the rationale here? I think it makes a lot of sense to output an
> > error if people drop non-executable files in such a directory...
> >
> Yeah it makes sense. But it is useless to fork & exec() when we know
> it will fail so maybe leave the check and add a warning?

Dunno. Is this a real problem? I mean, failing after the fork()
shouldn't be much of a real-life problem, since it realistically never
really happens.

In general I always try to be careful with these cases that might be
vulnerable to TOCTTOU issues. Not that this was really an issue in this
case, but I'd prefer if the kernel's exec() syscall would figure out
that something isn't executable, rather than us, since we cannot do it
atomically, and somebody could toggle the x bit of a file right after we
ran access() on it, but before the exec()... Hence, I'd prefer to avoid
any explicit access() check, unless we really know that this is a common
issue.

Hope that makes sense,

Lennart

-- 
Lennart Poettering, Red Hat
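The check-then-exec race Lennart describes, shown in working code. This is an added example for this page, not systemd's own code. It writes a constructed one-line shell script to /tmp, then contrasts the pattern the patch proposed (ask access(X_OK) first, then fork and exec) with the pattern the reply prefers (fork and exec, and let the kernel's execve() decide). The `between` callback is a hypothetical hook standing in for another process that toggles the x bit after the access() call has returned; the close-on-exec pipe is how the parent learns the errno from a failed exec in the child.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed fixture: a one-line shell script in /tmp with the given mode.
 * Returns its path (caller unlinks and frees) or NULL on error. */
static char *make_script(mode_t mode) {
    char tmpl[] = "/tmp/toctou-exec-demo-XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return NULL;
    static const char body[] = "#!/bin/sh\nexit 0\n";
    if (write(fd, body, sizeof body - 1) != (ssize_t)(sizeof body - 1) ||
        fchmod(fd, mode) != 0) {
        close(fd);
        unlink(tmpl);
        return NULL;
    }
    close(fd);
    return strdup(tmpl);
}

/* fork()+execv() the file. Returns the child's exit status (>= 0) if the
 * exec succeeded, or -errno from execv() if it did not. The child reports a
 * failed exec through a close-on-exec pipe: on success the kernel closes the
 * write end and the parent's read() returns 0. */
static int spawn(const char *path) {
    int pfd[2];
    if (pipe(pfd) < 0)
        return -errno;
    fcntl(pfd[1], F_SETFD, FD_CLOEXEC);

    pid_t pid = fork();
    if (pid < 0) {
        int err = errno;
        close(pfd[0]);
        close(pfd[1]);
        return -err;
    }
    if (pid == 0) {
        close(pfd[0]);
        char *const argv[] = { (char *)path, NULL };
        execv(path, argv);              /* the kernel decides, atomically */
        int err = errno;
        ssize_t w = write(pfd[1], &err, sizeof err);
        (void)w;
        _exit(127);
    }

    close(pfd[1]);
    int err = 0;
    ssize_t n = read(pfd[0], &err, sizeof err);
    close(pfd[0]);
    int status = 0;
    waitpid(pid, &status, 0);
    if (n == (ssize_t)sizeof err)
        return -err;                    /* exec failed, e.g. -EACCES */
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Pattern from the patch: access() first, then exec. The 'between' callback
 * is a hypothetical hook that stands in for another process acting inside
 * the window between the check and the exec. */
static int spawn_with_access_check(const char *path,
                                   void (*between)(const char *)) {
    if (access(path, X_OK) != 0)
        return -errno;                  /* pre-check said no; never fork */
    if (between)
        between(path);                  /* file changes after we looked... */
    return spawn(path);                 /* ...so the pre-check proved nothing */
}

/* Pattern from the reply: no userspace check, let execve() report EACCES. */
static int spawn_without_check(const char *path) {
    return spawn(path);
}

/* Stand-in for "somebody toggles the x bit" between access() and exec(). */
static void clear_exec_bit(const char *path) {
    chmod(path, 0644);
}

int main(void) {
    char *p = make_script(0755);
    if (!p)
        return 1;
    printf("no check, executable      : %d\n", spawn_without_check(p));
    printf("access() ok, then toggled : %d (EACCES is %d)\n",
           spawn_with_access_check(p, clear_exec_bit), EACCES);
    printf("no check, now non-exec    : %d\n", spawn_without_check(p));
    unlink(p);
    free(p);
    return 0;
}
```

The point of the second call is that access() returned success, yet the exec still failed with EACCES: the pre-check neither prevents the fork nor changes the error the caller sees, which is the same -EACCES the check-free path reports directly. Whichever pattern is used, the errno from execv() is the value worth logging.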
