[compiler-rt] [sanitizer] Disable writes to log files for binaries in a secure context. (PR #92593)

Florian Mayer via llvm-commits llvm-commits at lists.llvm.org
Fri May 17 13:30:05 PDT 2024


================
@@ -104,6 +111,16 @@ void ReportFile::SetReportPath(const char *path) {
     }
   }
 
+#ifdef HAS_GETAUXVAL
+  if (getauxval(AT_SECURE) != 0 && path &&
+      internal_strcmp(path, "stderr") != 0 &&
+      internal_strcmp(path, "stdout") != 0) {
+    Report(
+        "ERROR: Permission denied setting log_path for a binary in a secure context. You must run on a same priviledge level\n");
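Review bot: the `#ifdef HAS_GETAUXVAL` guard at the top of this block compiles the whole AT_SECURE check out wherever that macro is undefined, so on those builds this block places no restriction on log_path. Add a comment saying whether that is intentional, or provide a fallback for platforms without getauxval. Separately, the Report text does not name the rejected path, so a user cannot tell from the message which value was refused; passing `path` into the format string would make the error actionable.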
----------------
fmayer wrote:

nit: typo in "privilege".

Also I know what this is fixing, but I still don't really understand "You must run on a same privilege level". Also I feel talking about permission denied implies something is wrong with the filesystem permissions of the given file.

Maybe something like: "log_path must be 'stderr' or 'stdin' for AT_SECURE (e.g. setuid binaries), is '%s'"

https://github.com/llvm/llvm-project/pull/92593

