path length limit in seatbelt/sandbox?
path length limit in seatbelt/sandbox?
- Subject: path length limit in seatbelt/sandbox?
- From: Michael Weiser <email@hidden>
- Date: Sun, 2 Mar 2008 01:24:29 +0100
Hello,
when trying to compile coreutils-6.10 in a sandbox, I noticed that their
getcwd() configure test yielded different results with and without the
sandbox. I did some testing and boiled it down to the attached testcase:
When a program recursively creates directories, changes into them and
calls getcwd(), it can create a rather deep directory structure before
failing with error "No such file or directory":
michael@esgaroth:~ # ./recgetcwd
getcwd: No such file or directory
..............................................................................................................................................................................................................................................................
When running the same program in a sandbox that doesn't actualy restrict
anything but has a rule containing a path name, it will fail much
earlier with "File name too long":
michael@esgaroth:~ # sandbox-exec -f recgetcwd.sb ./recgetcwd
mkdir: File name too long
..............................................................................
Has anyone come across this?
--
bye, Micha
#include <unistd.h>
#include <errno.h>
#include <stdio.h>
#define TD "recgetcwddir"
int main(void) {
char *d;
int lev = 0;
while (1) {
printf(".");
if (mkdir(TD, 0755)) {
perror("mkdir");
break;
}
if (chdir(TD)) {
perror("chdir");
break;
}
d = getcwd(NULL, 0);
if (d == NULL) {
perror("getcwd");
break;
}
free(d);
lev++;
}
printf("\n");
chdir("..");
while (lev >= 0 && !rmdir(TD)) {
chdir("..");
lev--;
}
}
(version 1)
(allow default)
(allow file-read* file-write*
(literal
"/"
)
)
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden