trifectatechfoundation / sudo-rs

A memory safe implementation of sudo and su.

Sudo-rs canonicalizes commands too aggressively. #735

Closed squell closed 1 year ago

squell commented 1 year ago

Introduced in e322f8960d4a04f7ad6c89551dc5a10f75420604; this is most evident when trying to do something like sudo pkill; pkill is a symbolic link to pgrep, but pgrep does care how it was invoked.

Easy fix is of course to revert the commit, but putting the canonicalization step before permission check had a purpose (and it was mostly to deal with directories being symlinks, not the actual commands).

We should probably also add a few regression tests for this situation.

squell commented 1 year ago

Note: best solution is probably to modify the arg0 to contain the invoking, unresolved command.

squell commented 1 year ago

Note: the above-proposed fix works for symlinked binaries, but not for symlinked shell scripts.
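
The behaviour discussed in this thread, as an added example that is not part of the issue or of sudo-rs's own code: it runs the canonicalized target while passing the unresolved path as argv[0], once for a symlinked binary and once for a symlinked shell script. The helper names, the scratch directory and its files are constructed for illustration; it assumes a Unix system with `/bin/sh` and a temp directory that permits execution.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::{symlink, PermissionsExt};
use std::os::unix::process::CommandExt;
use std::path::{Path, PathBuf};
use std::process::Command;

/// Hypothetical helper: exec the canonical target of `invoked` (the path a
/// policy check would see) but pass the unresolved path as argv[0].
/// Returns the child's stdout.
fn run_with_invoked_arg0(invoked: &Path, args: &[&str]) -> io::Result<String> {
    let canonical = fs::canonicalize(invoked)?; // follows every symlink
    let out = Command::new(&canonical)
        .arg0(invoked) // keep the name the user actually typed
        .args(args)
        .output()?;
    Ok(String::from_utf8_lossy(&out.stdout).into_owned())
}

/// Constructed fixture: a scratch directory holding
///   sh       -> /bin/sh   (symlinked binary)
///   alias.sh -> real.sh   (symlinked shell script that prints $0)
fn make_fixture() -> io::Result<PathBuf> {
    let dir = std::env::temp_dir().join(format!("arg0-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&dir);
    fs::create_dir_all(&dir)?;
    symlink("/bin/sh", dir.join("sh"))?;
    let script = dir.join("real.sh");
    fs::write(&script, "#!/bin/sh\nprintf %s \"$0\"\n")?;
    fs::set_permissions(&script, fs::Permissions::from_mode(0o755))?;
    symlink(&script, dir.join("alias.sh"))?;
    Ok(dir)
}

fn main() -> io::Result<()> {
    let dir = make_fixture()?;
    // Binary: the shell reports its argv[0], so the invoked name survives.
    let bin = run_with_invoked_arg0(&dir.join("sh"), &["-c", "printf %s \"$0\""])?;
    // Script: the kernel rebuilds argv around the interpreter named in the
    // shebang line, so $0 is the canonical script path and arg0 is lost.
    let scr = run_with_invoked_arg0(&dir.join("alias.sh"), &[])?;
    println!("binary saw $0 = {bin}\nscript saw $0 = {scr}");
    fs::remove_dir_all(&dir)
}
```

A regression test for this situation would need both cases, since only the first one is repaired by setting argv[0].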