Kernel: Clarify ambiguous {File,Description}::absolute_path
Found due to smelly code in InodeFile::absolute_path.

In particular, this replaces the following misleading methods:

File::absolute_path
This method *never* returns an actual path, and if called on an InodeFile (which is impossible), it would VERIFY_NOT_REACHED().

OpenFileDescription::try_serialize_absolute_path
OpenFileDescription::absolute_path
These methods do not guarantee to return an actual path (just like the other method), and just like Custody::absolute_path they do not guarantee accuracy. In particular, just renaming the method made a TOCTOU bug obvious.

The new method signatures use KResultOr, just like try_serialize_absolute_path() already did.
parent
88ca12f037
commit
c05c5a7ff4
28 changed files with 83 additions and 65 deletions
|
@ -275,7 +275,7 @@ static KResultOr<LoadResult> load_elf_object(NonnullOwnPtr<Memory::AddressSpace>
|
|||
size_t master_tls_alignment = 0;
|
||||
FlatPtr load_base_address = 0;
|
||||
|
||||
auto elf_name = TRY(object_description.try_serialize_absolute_path());
|
||||
auto elf_name = TRY(object_description.pseudo_path());
|
||||
VERIFY(!Processor::in_critical());
|
||||
|
||||
Memory::MemoryManager::enter_address_space(*new_space);
|
||||
|
@ -438,7 +438,9 @@ KResult Process::do_exec(NonnullRefPtr<OpenFileDescription> main_program_descrip
|
|||
{
|
||||
VERIFY(is_user_process());
|
||||
VERIFY(!Processor::in_critical());
|
||||
auto path = TRY(main_program_description->try_serialize_absolute_path());
|
||||
// Although we *could* handle a pseudo_path here, trying to execute something that doesn't have
|
||||
// a custody (e.g. BlockDevice or RandomDevice) is pretty suspicious anyway.
|
||||
auto path = TRY(main_program_description->original_absolute_path());
|
||||
|
||||
dbgln_if(EXEC_DEBUG, "do_exec: {}", path);
|
||||
|
||||
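Review bot: In do_exec, `path` now comes from `original_absolute_path()`, which by its name is the path recorded for the description rather than where the file is now, and the added comment does not say so. The rest of do_exec lies outside this hunk, so I cannot see how `path` is used beyond the `dbgln_if`. If it is only a label (logging, process naming) that is fine, but nothing should re-resolve it to reach the executable, because the name may have been rebound since the open. I would extend the comment with `// NOTE: This is the path as of open time and may be stale; treat it as a label, never re-open the executable through it.` The comment could also name the error that execve callers get for a custody-less description, since the `TRY` now turns that case into a failed exec.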
|
|
|
@ -70,7 +70,8 @@ KResultOr<FlatPtr> Process::sys$mount(Userspace<const Syscall::SC_mount_params*>
|
|||
return ENODEV;
|
||||
}
|
||||
|
||||
dbgln("mount: attempting to mount {} on {}", description->absolute_path(), target);
|
||||
auto source_pseudo_path = TRY(description->pseudo_path());
|
||||
dbgln("mount: attempting to mount {} on {}", source_pseudo_path, target);
|
||||
|
||||
fs = TRY(Ext2FS::try_create(*description));
|
||||
} else if (fs_type == "9p"sv || fs_type == "Plan9FS"sv) {
|
||||
|
@ -96,7 +97,8 @@ KResultOr<FlatPtr> Process::sys$mount(Userspace<const Syscall::SC_mount_params*>
|
|||
dbgln("mount: this is not a seekable file");
|
||||
return ENODEV;
|
||||
}
|
||||
dbgln("mount: attempting to mount {} on {}", description->absolute_path(), target);
|
||||
auto source_pseudo_path = TRY(description->pseudo_path());
|
||||
dbgln("mount: attempting to mount {} on {}", source_pseudo_path, target);
|
||||
fs = TRY(ISO9660FS::try_create(*description));
|
||||
} else {
|
||||
return ENODEV;
|
||||
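Review bot: The `TRY(description->pseudo_path())` added before the `dbgln` in the Ext2FS branch makes sys$mount fail whenever building a string that is used only for a debug log fails, and the ISO9660FS branch repeats the same two lines. If that is not intended, the log can be made best-effort: `if (auto source_pseudo_path = description->pseudo_path(); !source_pseudo_path.is_error()) dbgln("mount: attempting to mount {} on {}", source_pseudo_path.value(), target);`. If propagating the error is the kernel's convention here, a one-line comment saying so would stop the next reader from wondering. Either way the duplicated pair could be hoisted above the filesystem-type branches, though the start of that chain is outside these hunks, so I cannot confirm `description` is valid for every branch.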
|
|
|
@ -77,7 +77,9 @@ KResultOr<FlatPtr> Process::sys$fstatvfs(int fd, statvfs* buf)
|
|||
REQUIRE_PROMISE(stdio);
|
||||
|
||||
auto description = TRY(fds().open_file_description(fd));
|
||||
return do_statvfs(description->absolute_path(), buf);
|
||||
auto absolute_path = TRY(description->original_absolute_path());
|
||||
// FIXME: TOCTOU bug! The file connected to the fd may or may not have been moved, and the name possibly taken by a different file.
|
||||
return do_statvfs(absolute_path->view(), buf);
|
||||
}
|
||||
|
||||
}
|
||||
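Review bot: The FIXME in sys$fstatvfs names the race but not its consequence. `do_statvfs(absolute_path->view(), buf)` resolves a string again, so the caller can receive statistics for whatever file system now sits at that name rather than the one backing `fd`, and that lookup is reachable with only the `stdio` promise. The durable fix is to take the file system from the description itself (its inode or custody) instead of round-tripping through a path; do_statvfs is defined outside this hunk, so I cannot tell whether it can already accept that. Until then I would make the comment say what goes wrong: `// FIXME: TOCTOU bug! We re-resolve the path, so the result may describe a different file system than the one backing this fd.`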
|
|