documentation/filesystem_access.txt - Issue 1690983004: Extended restricted filesystem to support relative paths.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: documentation/filesystem_access.txt

Issue 1690983004: Extended restricted filesystem to support relative paths. (Closed) Base URL: https://chromium.googlesource.com/native_client/src/native_client.git@master

Patch Set: Allow relative paths without prepending CWD Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: documentation/filesystem_access.txt

diff --git a/documentation/filesystem_access.txt b/documentation/filesystem_access.txt

index b7016de87c8c73dcaf0091c99b98bfb78d499a4b..0ea0ef198ef1edfebdd91594f3fe4744cb8e9a0f 100644

--- a/documentation/filesystem_access.txt

+++ b/documentation/filesystem_access.txt

@@ -16,7 +16,6 @@ be guaranteed by the caller:

* The mounted directory is assumed to not include any symlinks.

These constraints will be enforced by sel_ldr:

- * Pathnames must be absolute. Relative pathnames are explicitly disallowed.

* Pathnames may not include the substring "..".

* Access to filesystem within sel_ldr will behave as if as if the mounted

directory is root.

@@ -68,11 +67,10 @@ Given that strategy, the following syscall changes were straightforward:

### Path sanitization

-Path sanitization happens through a three stage process:

+Requires that the cwd is within the mounted directory (set at initialization).

Mark Seaborn 2016/02/24 21:19:19 Make this "Path sanitization checks that..." so th

Sean Klein 2016/02/24 23:40:43 Done.

-1) Ensure the user's path is absolute.

-2) Prefix the path to the mounted directory.

-3) Ensure that the path does not contain "..".

+If the user's path is absolute, prefix the path to the mounted directory.

+Ensure that the path does not contain "..".

### Symlinks

« no previous file with comments | « no previous file | src/trusted/service_runtime/sel_ldr_filename.c » ('j') | src/trusted/service_runtime/sel_ldr_filename.c » ('J')