[LinuxBIOS] [PATCH][LAR] New LAR access functions

Stefan Reinauer stepan at coresystems.de
Thu Jul 12 16:52:12 CEST 2007

* Peter Stuge <peter at stuge.se> [070712 00:58]:
> Sorry. Since we don't store directories in lar it should indeed mkdir
> -p implicitly. But I think a bit of sanity would be nice here since a
> lar could otherwise be used to overwrite arbitrary system files.

You compile LinuxBIOS as root?

> I'll make a patch for mkdirp() that ensures the directory to be
> created is actually below the current directory (and also improve the
> return-to-cwd code in mkdir() a bit while at it) if there's interest.
> Would that be the right place to put it?

Rather check the path before mkdir()ing.

I am pretty sure the mkdir efforts can easily be tricked by a couple of
symlinks in the path, so I wonder how much use there is in trying to
make this "secure" since it never runs as root anyways, and in a very
controlled environment.


coresystems GmbH • Brahmsstr. 16 • D-79104 Freiburg i. Br.
      Tel.: +49 761 7668825 • Fax: +49 761 7664613
Email: info at coresystems.dehttp://www.coresystems.de/
Registergericht: Amtsgericht Freiburg • HRB 7656
Geschäftsführer: Stefan Reinauer • Ust-IdNr.: DE245674866

More information about the coreboot mailing list