[LinuxBIOS] [PATCH][LAR] New LAR access functions
Stefan Reinauer
stepan at coresystems.de
Thu Jul 12 16:52:12 CEST 2007
* Peter Stuge <peter at stuge.se> [070712 00:58]:
> Sorry. Since we don't store directories in lar it should indeed mkdir
> -p implicitly. But I think a bit of sanity would be nice here since a
> lar could otherwise be used to overwrite arbitrary system files.
You compile LinuxBIOS as root?
> I'll make a patch for mkdirp() that ensures the directory to be
> created is actually below the current directory (and also improve the
> return-to-cwd code in mkdir() a bit while at it) if there's interest.
> Would that be the right place to put it?
Rather check the path before mkdir()ing.
I am pretty sure the mkdir efforts can easily be tricked by a couple of
symlinks in the path, so I wonder how much use there is in trying to
make this "secure" since it never runs as root anyways, and in a very
controlled environment.
Stefan
--
coresystems GmbH • Brahmsstr. 16 • D-79104 Freiburg i. Br.
Tel.: +49 761 7668825 • Fax: +49 761 7664613
Email: info at coresystems.de • http://www.coresystems.de/
Registergericht: Amtsgericht Freiburg • HRB 7656
Geschäftsführer: Stefan Reinauer • Ust-IdNr.: DE245674866
More information about the coreboot
mailing list