On Wed, Nov 12, 2008 at 12:46 PM, <Casper.Dik at sun.com> wrote: > >>I'm looking for reviewers for '6613349 setuid not allowed message >>could be more useful'. I've tested it on a b101 system without any >>issues. It's pretty straightforward (and small) -- just modifying the >>message to display the filesystem path (instead of the device number) >>and making it zone aware (which is why I included security-discuss and >>zones-discuss). > > > Why do you use the mntpnt and why not the vp->v_path? > > Casper > >
Originally I did that, but there was concern v_path might not always be correct (or available) (such as renames or with hard links IIRC), and so might generate a confusing message in those situations. I wasn't aware of any mechanism that could take exec_file or the vnode and generate a nice canonical pathname that didn't suffer from renaming or hard link issues, so the mountpoint was chosen instead. I think ideally it'd be nice to have both (in case the offending binary is deleted, you can still figure out where it took place).
