openSUSE / libpathrs

C-friendly API to make path resolution safer on Linux.
GNU Lesser General Public License v3.0

allow users to opt-out of fallbacks #19

Open cyphar opened 4 years ago

cyphar commented 4 years ago

One of the problems exposed by research into #7 is that there are a lot of issues with safe /proc usage on older kernels (and many more kernel features are still required). We cannot error out by default if these features are not available (nobody will use libpathrs because it won't work on most systems). So we have to make it an opt-in for very security-conscious programs (or to allow a program to print a warning if the system is insecure, and then enable the less-secure lookups).

cyphar commented 2 months ago

One particular fallback we almost certainly want to avoid is when STATX_MNT_ID is missing with the procfs resolver -- the current fallback is unsafe.
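To show what the opt-out from the first comment looks like against the specific fallback named in the second, here is an added example (not libpathrs code): it probes whether the running kernel honours STATX_MNT_ID via a raw statx call, and a hypothetical FALLBACK_DENY policy refuses rather than silently falling back when the bit is missing. The policy enum, the function names and the use of /proc/self as the probe path are assumptions of this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <linux/stat.h>   /* struct statx and STATX_* (coexists with glibc's <sys/stat.h>) */
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef STATX_MNT_ID
#define STATX_MNT_ID 0x00001000U  /* value from <linux/stat.h>, for pre-5.8 headers */
#endif
#ifndef AT_FDCWD
#define AT_FDCWD (-100)
#endif

/* Hypothetical policy knob (not a libpathrs API): may a missing kernel
 * feature be papered over with a less-secure fallback? */
enum fallback_policy { FALLBACK_ALLOW = 0, FALLBACK_DENY = 1 };

/* Probe: request STATX_MNT_ID for `path` through the raw syscall (no glibc
 * wrapper needed). Returns 1 if stx_mask reports the field, 0 if the kernel
 * silently dropped it (pre-5.8), -1 if statx itself failed (errno is set). */
int probe_statx_mnt_id(const char *path) {
#ifdef SYS_statx
    struct statx stx = {0};
    if (syscall(SYS_statx, AT_FDCWD, path, 0, STATX_MNT_ID, &stx) < 0)
        return -1;
    return (stx.stx_mask & STATX_MNT_ID) ? 1 : 0;
#else
    (void)path; errno = ENOSYS; return -1;  /* headers predate statx entirely */
#endif
}

/* Decision: 0 = proceed with the mount-ID check, 1 = proceed on the
 * less-secure fallback (caller should warn first), -EOPNOTSUPP = refuse. */
int decide_mnt_id_check(int have_mnt_id, enum fallback_policy policy) {
    if (have_mnt_id == 1) return 0;
    return policy == FALLBACK_DENY ? -EOPNOTSUPP : 1;
}

int main(void) {
    int have = probe_statx_mnt_id("/proc/self");
    /* A strict caller (the opt-out this issue asks for) fails closed here. */
    if (decide_mnt_id_check(have, FALLBACK_DENY) == -EOPNOTSUPP) {
        fprintf(stderr, "kernel lacks STATX_MNT_ID; strict mode refuses the fallback\n");
        return 1;
    }
    puts("STATX_MNT_ID supported; procfs mount-ID check can proceed safely");
    return 0;
}
```

A caller that wants the warn-then-continue behaviour instead passes FALLBACK_ALLOW and treats a return of 1 as "warn, then use the less-secure lookup".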