[cfe-dev] A patch for chroot checker

Zhongxing Xu xuzhongxing at gmail.com
Wed Sep 15 19:25:16 PDT 2010


Hi Lei,

Instead of introducing new symbols, how about use enums to represent the
type state?

For example, we could use the following states:

NO_CHROOT, ROOT_CHANGED, JAIL_ENTERED, JAIL_BROKEN

NO_CHROOT ---chroot(foo)--> ROOT_CHANGED ---chdir(/)--> JAIL_ENTERED
                                                                   |

------chdir('..')--> JAIL_BROKEN

These states are stored directly in the GDM and operated by the
ChrootChecker. Is this sufficient for checking this?

On Tue, Sep 14, 2010 at 4:09 PM, 章磊 <ioripolo at gmail.com> wrote:

> hi, clang
>
> This patch try to check improper use of chroot.
>
> In order to implement this checker, i add a subclass (SymbolEnv) of
> SymbolData to represent some environment variables. Now it contains only one
> kind of environment variables(JailKind).Then adds several states to the Jail
> Symbol.
>
> This is an experimental checker, and i don't know it is the right way to do
> this stuff.
>
> I'll appreciate it if there are any advice about this patch.
>
>
>
> --
> Best regards!
>
> Lei Zhang
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20100916/bc20a39a/attachment-0001.html>


More information about the cfe-dev mailing list