On 07/12/2011 08:51 PM, Daniel Veillard wrote:
On Tue, Jul 12, 2011 at 04:51:51PM -0600, Eric Blake wrote:
I got bit in a debugging session on an uninstalled libvirtd; the code tried to call out to the installed $LIBEXECDIR/libvirt_iohelper instead of my just-built version. So I set a breakpoint and altered the binary name to be "./src/libvirt_iohelper", and it still failed because I don't have "." on my PATH.
According to POSIX, execvp only searches PATH if the name does not contain a slash. Since we are trying to mimic that behavior, an anchored name should be relative to the current working dir.
+ /* If we are passed an anchored path (containing a /), then there + * is no path search - it must exist in the current directory + */ + if (strchr(file, '/')) { + virFileAbsPath(file, &path); + return path; + } + /* copy PATH env so we can tweak it */ path = getenv("PATH");
That sounds right. The only issue is that the slight change of semantic may suddenly allow to run binaries outside of $PATH which may be a security concern.
You can already run binaries outside of $PATH by giving an absolute name. All this does is actually avoid the PATH search on anchored relative names.
But virFindFileInPath() shouldn't be the place to implement such a security control, so ACK,
I realized that I missed two pieces - virFileAbsPath is attribute-warn-unused, and the file also has to be executable. I squashed this in, then pushed. diff --git i/src/util/util.c w/src/util/util.c index 1654cc2..08c8050 100644 --- i/src/util/util.c +++ w/src/util/util.c @@ -578,7 +578,7 @@ int virFileResolveLink(const char *linkpath, */ char *virFindFileInPath(const char *file) { - char *path; + char *path = NULL; char *pathiter; char *pathseg; char *fullpath = NULL; @@ -600,7 +600,8 @@ char *virFindFileInPath(const char *file) * is no path search - it must exist in the current directory */ if (strchr(file, '/')) { - virFileAbsPath(file, &path); + if (virFileIsExecutable(file)) + ignore_value(virFileAbsPath(file, &path)); return path; } -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org