On Wed, Nov 12, 2008 at 12:46 PM,  <[EMAIL PROTECTED]> wrote:
>>I'm looking for reviewers for '6613349 setuid  not allowed message
>>could be more useful'.  I've tested it on a b101 system without any
>>issues.  It's pretty straightforward (and small) -- just modifying the
>>message to display the filesystem path (instead of the device number)
>>and making it zone aware (which is why I included security-discuss and
> Why do you use the mntpnt and why not the vp->v_path?
> Casper

Originally I did that, but there was concern v_path might not always
be correct (or available) (such as renames or with hard links IIRC),
and so might generate a confusing message in those situations.   I
wasn't aware of any mechanism that could take exec_file or the vnode
and generate a nice canonical pathname that didn't suffer from
renaming or hard link issues, so the mountpoint was chosen instead.  I
think ideally it'd be nice to have both (in case the offending binary
is deleted, you can still figure out where it took place).
zones-discuss mailing list