From owner-cvs-all Tue Aug 14 19:55:15 2001 Delivered-To: cvs-all@freebsd.org Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by hub.freebsd.org (Postfix) with ESMTP id DA17237B401; Tue, 14 Aug 2001 19:55:10 -0700 (PDT) (envelope-from bde@zeta.org.au) Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102]) by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id MAA10483; Wed, 15 Aug 2001 12:54:50 +1000 Date: Wed, 15 Aug 2001 12:52:14 +1000 (EST) From: Bruce Evans X-X-Sender: To: Warner Losh Cc: Alexander Langer , "Brian F. Feldman" , , Subject: Re: cvs commit: src/sys/conf kmod.mk In-Reply-To: <200108141854.f7EIsZW17483@harmony.village.org> Message-ID: <20010815124728.S17438-100000@besplex.bde.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 14 Aug 2001, Warner Losh wrote: > In message <20010814205118.B22531@zerogravity.kawo2.rwth-aachen.d> Alexander Langer writes: > : > amazingly inconsistent... I can kldload ./file.ko, but not kldload file.ko, > : > though those are both correct relative paths. kldload(8) should have > : > absolutely no trouble checking the cwd for existence of a path before giving > : > up. Why don't we just replace that search algorithm with one less broken? > : > : This is a security issue. Yes. Part of the brokenness of the current algorithm is that it inconsistent to the point of insecurity. > This is the "don't have . in root's path" consequence. Not really. Root's affects shells, not syscalls. execve() looks up the pathname in the usual way, starting in the current directory if the pathname doesn't begin with a slash. Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message