perfMemory_bsd.cpp get_user_name_slow misses check ?
Baesken, Matthias
matthias.baesken at sap.com
Tue Feb 4 12:26:22 UTC 2020
Hi Gerard , thanks for the input !
So I think we keep the mac/bsd version "as it is" .
Best regards, Matthias
>
> hi Matthias,
>
> Looking at "open_directory_secure()" API, which is called just before
> "is_directory_secure()", seems to suggest that it is the
> "is_directory_secure()" call that is not needed here.
>
> So perhaps linux/win/solaris have it wrong and bsd got it right?
>
>
> // Open the directory of the given path and validate it.
> // Return a DIR * of the open directory.
> //
> static DIR *open_directory_secure(const char* dirname) {
> // Open the directory using open() so that it can be verified
> // to be secure by calling is_dirfd_secure(), opendir() and then check
> // to see if they are the same file system object. This method does not
> // introduce a window of opportunity for the directory to be attacked
> that
> // calling opendir() and is_directory_secure() does.
>
>
>
> cheers
>
More information about the hotspot-dev
mailing list