
Kernel: Clarify ambiguous {File,Description}::absolute_path

Found due to smelly code in InodeFile::absolute_path.

In particular, this replaces the following misleading methods:

File::absolute_path
This method *never* returns an actual path, and if called on an
InodeFile (which is impossible), it would VERIFY_NOT_REACHED().

OpenFileDescription::try_serialize_absolute_path
OpenFileDescription::absolute_path
These methods do not guarantee to return an actual path (just like the
other method), and just like Custody::absolute_path they do not
guarantee accuracy. In particular, just renaming the method made a
TOCTOU bug obvious.

The new method signatures use KResultOr, just like
try_serialize_absolute_path() already did.
Ben Wiederhake 2021-10-30 00:45:23 +02:00 committed by Andreas Kling
parent 88ca12f037
commit c05c5a7ff4
28 changed files with 83 additions and 65 deletions


@ -275,7 +275,7 @@ static KResultOr<LoadResult> load_elf_object(NonnullOwnPtr<Memory::AddressSpace>
size_t master_tls_alignment = 0;
FlatPtr load_base_address = 0;
auto elf_name = TRY(object_description.try_serialize_absolute_path());
auto elf_name = TRY(object_description.pseudo_path());
VERIFY(!Processor::in_critical());
Memory::MemoryManager::enter_address_space(*new_space);
@ -438,7 +438,9 @@ KResult Process::do_exec(NonnullRefPtr<OpenFileDescription> main_program_descrip
{
VERIFY(is_user_process());
VERIFY(!Processor::in_critical());
auto path = TRY(main_program_description->try_serialize_absolute_path());
// Although we *could* handle a pseudo_path here, trying to execute something that doesn't have
// a custody (e.g. BlockDevice or RandomDevice) is pretty suspicious anyway.
auto path = TRY(main_program_description->original_absolute_path());
dbgln_if(EXEC_DEBUG, "do_exec: {}", path);
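Review bot: `path` in do_exec is now explicitly the path recorded when the description was opened, so it can be stale by the time exec runs, and the added comment does not say so. do_exec continues outside this hunk, so not every use of `path` is visible; if any later use resolves it again instead of going through `main_program_description`, it would carry the same TOCTOU this commit flags in sys$fstatvfs. I would extend the comment with `// NOTE: This is the path as of open(); use it for naming and logging only, never to look the executable up again.`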


@ -70,7 +70,8 @@ KResultOr<FlatPtr> Process::sys$mount(Userspace<const Syscall::SC_mount_params*>
return ENODEV;
}
dbgln("mount: attempting to mount {} on {}", description->absolute_path(), target);
auto source_pseudo_path = TRY(description->pseudo_path());
dbgln("mount: attempting to mount {} on {}", source_pseudo_path, target);
fs = TRY(Ext2FS::try_create(*description));
} else if (fs_type == "9p"sv || fs_type == "Plan9FS"sv) {
@ -96,7 +97,8 @@ KResultOr<FlatPtr> Process::sys$mount(Userspace<const Syscall::SC_mount_params*>
dbgln("mount: this is not a seekable file");
return ENODEV;
}
dbgln("mount: attempting to mount {} on {}", description->absolute_path(), target);
auto source_pseudo_path = TRY(description->pseudo_path());
dbgln("mount: attempting to mount {} on {}", source_pseudo_path, target);
fs = TRY(ISO9660FS::try_create(*description));
} else {
return ENODEV;
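Review bot: Both mount branches (Ext2FS in the first hunk, ISO9660FS in the second) now abort the whole syscall when building the string for a debug log fails, because `TRY(description->pseudo_path())` returns before `try_create` is reached. The old `absolute_path()` result was passed straight to `dbgln`, so this is a new failure path that exists only for logging. If that is not intended, keep the result unwrapped and log conditionally: `auto source_pseudo_path = description->pseudo_path();` followed by `if (!source_pseudo_path.is_error()) dbgln("mount: attempting to mount {} on {}", source_pseudo_path.value(), target);`. sys$mount starts and ends outside these hunks.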


@ -77,7 +77,9 @@ KResultOr<FlatPtr> Process::sys$fstatvfs(int fd, statvfs* buf)
REQUIRE_PROMISE(stdio);
auto description = TRY(fds().open_file_description(fd));
return do_statvfs(description->absolute_path(), buf);
auto absolute_path = TRY(description->original_absolute_path());
// FIXME: TOCTOU bug! The file connected to the fd may or may not have been moved, and the name possibly taken by a different file.
return do_statvfs(absolute_path->view(), buf);
}
}
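Review bot: The FIXME in sys$fstatvfs names the race but not the way out, and the call still hands `do_statvfs` a string that is resolved again after the fd lookup. Until that changes, the result can describe whichever filesystem currently holds that name rather than the one behind `fd`, which matters to any caller that uses fstatvfs to check a file it already has open. I would make the comment actionable, e.g. `// FIXME: TOCTOU bug! Answer from the description itself instead of re-resolving its remembered path, which may now name a different file.` Going by the comment added in do_exec, descriptions without a custody presumably make `original_absolute_path()` fail, so fstatvfs on such fds would now return that error; worth confirming that this is intended.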