Index: src/trusted/service_runtime/sys_fdio.c |
diff --git a/src/trusted/service_runtime/sys_fdio.c b/src/trusted/service_runtime/sys_fdio.c |
index dfa5c5b30584d292298546200a93549d90ca0076..7de268cf86d5e974d4897595e249c0c466d07598 100644 |
--- a/src/trusted/service_runtime/sys_fdio.c |
+++ b/src/trusted/service_runtime/sys_fdio.c |
@@ -135,7 +135,7 @@ int32_t NaClSysGetdents(struct NaClAppThread *natp, |
"%"NACL_PRIuS"[0x%"NACL_PRIxS"])\n"), |
(uintptr_t) natp, d, dirp, count, count); |
- if (!NaClAclBypassChecks) { |
+ if (!NaClAclBypassChecks && NaClRootFolder == NULL) { |
jtolds
2015/06/25 23:05:05
definitely worried the most about Getdents here. D
Mark Seaborn
2015/06/25 23:55:09
The ".." entries reported by getdents() don't conv
|
/* |
* Filesystem access is disabled, so disable the getdents() syscall. |
* We do this for security hardening, though it should be redundant, |
@@ -416,7 +416,7 @@ int32_t NaClSysFstat(struct NaClAppThread *natp, |
retval = (*((struct NaClDescVtbl const *) ndp->base.vtbl)-> |
Fstat)(ndp, &result); |
if (0 == retval) { |
- if (!NaClAclBypassChecks) { |
+ if (!NaClAclBypassChecks && NaClRootFolder == NULL) { |
result.nacl_abi_st_ino = NACL_FAKE_INODE_NUM; |
} |
if (!NaClCopyOutToUser(nap, nasp, &result, sizeof result)) { |