Seccomp: replacing security modules?

Posted May 19, 2011 13:55 UTC (Thu) by error27 (subscriber, #8346)
Parent article: Seccomp: replacing security modules?

From Ingo's email:
> 	if (strstr(name, ".."))
> 		return -EACCESS;
>
> 	if (!strncmp(name, "/home/sandbox/", 14) &&
> 	    !strncmp(name, "/lib/", 5) &&
> 	    !strncmp(name, "/usr/lib/", 9))
> 		return -EACCESS;

Those tests are reversed. This will never return -EACCESS unless you give it a ".." filename. Hopefully, in real life someone would catch that in testing.


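The effect of the reversed tests, as an added example that is not part of the comment above or of the quoted email: `check_quoted` keeps the quoted logic, while `check_fixed` assumes the intent was to allow only names under the three listed prefixes. The function names and sample paths are constructed for illustration, and the code uses the actual errno name `EACCES`.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Logic as quoted (with the real errno name EACCES): the three prefix
 * tests are joined with &&, so a name is rejected only if it starts with
 * all three prefixes at once, which no string can. */
static int check_quoted(const char *name)
{
	if (strstr(name, ".."))
		return -EACCES;

	if (!strncmp(name, "/home/sandbox/", 14) &&
	    !strncmp(name, "/lib/", 5) &&
	    !strncmp(name, "/usr/lib/", 9))
		return -EACCES;
	return 0;
}

/* Assumed intent: allow only names under one of the three prefixes.
 * strncmp() returns non-zero on a mismatch, so reject when every
 * prefix fails to match. */
static int check_fixed(const char *name)
{
	if (strstr(name, ".."))
		return -EACCES;

	if (strncmp(name, "/home/sandbox/", 14) &&
	    strncmp(name, "/lib/", 5) &&
	    strncmp(name, "/usr/lib/", 9))
		return -EACCES;
	return 0;
}

int main(void)
{
	/* Constructed sample paths, not taken from the original thread. */
	static const char *const samples[] = {
		"/home/sandbox/data.txt", "/lib/libc.so.6", "/usr/lib/libz.so",
		"/etc/passwd", "/libfoo/x", "/home/sandbox/../../etc/passwd",
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-34s quoted=%d fixed=%d\n", samples[i],
		       check_quoted(samples[i]), check_fixed(samples[i]));
	return 0;
}
```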

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds