30 Sep
2024
30 Sep
'24
8:10 p.m.
"Eric W. Biederman" ebiederm@xmission.com writes:
Kees Cook kees@kernel.org writes:
I'm not super comfortable doing this regardless of bprm->fdpath; that seems like too many cases getting changed. Can we just leave it as depending on bprm->fdpath?
I was recommending that because I did not expect that there was any widespread usage of aliasing of binary names using symlinks.
I realized today that on debian there are many aliases of binaries created with the /etc/alternatives mechanism. So there is much wider exposure to problems than I would have supposed.
So I remove any objections to making the new code conditional on bprm->fdpath.
Eric