[cfe-dev] A patch for chroot checker
章磊
ioripolo at gmail.com
Fri Sep 17 00:26:26 PDT 2010
Hi Zhongxing,
I think "use enums to represent the type state" it's ok for now, but i am
not sure it meets the needs in future if we need more precise analysis.
More comments inline below.
2010/9/16 Zhongxing Xu <xuzhongxing at gmail.com>
> Hi Lei,
>
> Instead of introducing new symbols, how about use enums to represent the
> type state?
>
> For example, we could use the following states:
>
> NO_CHROOT, ROOT_CHANGED, JAIL_ENTERED, JAIL_BROKEN
>
> NO_CHROOT ---chroot(foo)--> ROOT_CHANGED ---chdir(/)--> JAIL_ENTERED
> |
>
> ------chdir('..')--> JAIL_BROKEN
>
IMO, it's something like this:
NO_CHROOT ---chroot(foo)--> ROOT_CHANGED ---chdir(/) --> JAIL_ENTERED
|
------chdir('..') --> ROOT_CHANGED
|
------foo() -->JAIL_BROKEN
What you think?
> These states are stored directly in the GDM and operated by the
> ChrootChecker. Is this sufficient for checking this?
>
OK, I'll do this later.
>
> On Tue, Sep 14, 2010 at 4:09 PM, 章磊 <ioripolo at gmail.com> wrote:
>
>> hi, clang
>>
>> This patch try to check improper use of chroot.
>>
>> In order to implement this checker, i add a subclass (SymbolEnv) of
>> SymbolData to represent some environment variables. Now it contains only one
>> kind of environment variables(JailKind).Then adds several states to the Jail
>> Symbol.
>>
>> This is an experimental checker, and i don't know it is the right way to
>> do this stuff.
>>
>> I'll appreciate it if there are any advice about this patch.
>>
>>
>>
>> --
>> Best regards!
>>
>> Lei Zhang
>>
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>>
>>
>
--
Best regards!
Lei Zhang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20100917/d9e19166/attachment.html>
More information about the cfe-dev
mailing list