2014-08-18 21:10 GMT+02:00 Lennart Poettering <[email protected]>:
> On Mon, 18.08.14 20:47, Ronny Chevalier ([email protected]) wrote:
>
>> 2014-08-18 15:51 GMT+02:00 Lennart Poettering <[email protected]>:
>> > On Sat, 16.08.14 14:24, Ronny Chevalier ([email protected]) wrote:
>> >
>> > What's the rationale here? I think it makes a lot of sense to output an
>> > error if people drop non-executable files in such a directory...
>> >
>> Yeah it makes sense. But it is useless to fork & exec() when we know
>> it will fail so maybe leave the check and add a warning?
>
> Dunno. Is this a real problem? I mean, failing after the fork()
> shouldn't be much of a real-life problem, since it realistically never
> really happens.
>
> In general I always try to be careful with these cases that might be
> vulnerable to TOCTTOU issues. Not that this was really an issue in this
> case, but I'd prefer if the kernel's exec() syscall would figure out
> that something isn't executable, rather than us, since we cannot do it
> atomically, and somebody could toggle the x bit of a file right after we
> ran access() on it, but before the exec()... Hence, I'd prefer to avoid
> any explicit access() check, unless we really know that this is a common
> issue.
>
> Hope that makes sense,

Yeah it totally makes sense.

>
> Lennart
>
> --
> Lennart Poettering, Red Hat
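The approach discussed in the thread (no `access()` pre-check; let `exec()` decide and report the failure) can be sketched as follows. This is an added example, not part of the original messages and not systemd's code; the helper name `exec_reporting_errno` is hypothetical. The child passes the `errno` from a failed `execv()` back to the parent over a close-on-exec pipe, so a non-executable file still produces a clear error.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run path with argv, with no access() pre-check.
 * Returns 0 if execv() succeeded in the child, otherwise the errno that
 * execv() (or pipe/fcntl/fork) reported. The permission decision is made
 * by the kernel at exec time, so there is no check-to-use window. */
int exec_reporting_errno(const char *path, char *const argv[]) {
    int p[2], child_errno = 0;
    ssize_t n;

    if (pipe(p) < 0)
        return errno;
    /* Write end closes on a successful exec, so the parent then reads EOF. */
    if (fcntl(p[1], F_SETFD, FD_CLOEXEC) < 0) {
        int e = errno; close(p[0]); close(p[1]); return e;
    }
    pid_t pid = fork();
    if (pid < 0) {
        int e = errno; close(p[0]); close(p[1]); return e;
    }
    if (pid == 0) {                       /* child */
        close(p[0]);
        execv(path, argv);
        int e = errno;                    /* only reached if exec failed */
        if (write(p[1], &e, sizeof e) < 0) { /* nothing more we can do */ }
        _exit(127);
    }
    close(p[1]);                          /* parent */
    do {
        n = read(p[0], &child_errno, sizeof child_errno);
    } while (n < 0 && errno == EINTR);
    close(p[0]);
    while (waitpid(pid, NULL, 0) < 0 && errno == EINTR) { }
    return n == (ssize_t) sizeof child_errno ? child_errno : 0;
}

int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s PROGRAM [ARGS...]\n", argv[0]); return 2; }
    int e = exec_reporting_errno(argv[1], argv + 1);
    if (e) fprintf(stderr, "skipping %s: %s\n", argv[1], strerror(e));
    return e ? 1 : 0;
}
```

A file whose x bit is cleared at any point before the `execv()` call yields `EACCES` from the kernel, which the caller can log as the warning the thread asks for.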
