On Wed, Nov 12, 2008 at 12:46 PM, <[EMAIL PROTECTED]> wrote:
>>I'm looking for reviewers for '6613349 setuid not allowed message
>>could be more useful'. I've tested it on a b101 system without any
>>issues. It's pretty straightforward (and small) -- just modifying the
>>message to display the filesystem path (instead of the device number)
>>and making it zone aware (which is why I included security-discuss and

> Why do you use the mntpnt and why not the vp->v_path?

Originally I did that, but there was concern v_path might not always
be correct (or available) (such as renames or with hard links IIRC),
and so might generate a confusing message in those situations. I
wasn't aware of any mechanism that could take exec_file or the vnode
and generate a nice canonical pathname that didn't suffer from
renaming or hard link issues, so the mountpoint was chosen instead. I
think ideally it'd be nice to have both (in case the offending binary
is deleted, you can still figure out where it took place).
zones-discuss mailing list