summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2013-11-08 21:33:42 -0500
committerRich Felker <dalias@aerifal.cx>2013-11-08 21:33:42 -0500
commit41a9ba25cd810fb86ad0d6943bf2d5556d91b99e (patch)
treebc8160ad56689739c15d53db146c5e1b5ea58463
parent1d0d2df609b2e47615c7798d1a09e69a2caff24b (diff)
downloadmusl-41a9ba25cd810fb86ad0d6943bf2d5556d91b99e.tar.gz
musl-41a9ba25cd810fb86ad0d6943bf2d5556d91b99e.tar.bz2
musl-41a9ba25cd810fb86ad0d6943bf2d5556d91b99e.tar.xz
musl-41a9ba25cd810fb86ad0d6943bf2d5556d91b99e.zip
remove O_NOFOLLOW from __map_file used for time zone file loading
it's not clear why I originally wrote O_NOFOLLOW into this; I suspect the reason was with an aim of making the function more general for mapping partially or fully untrusted files provided by the user. however, the timezone code already precludes use of absolute or relative pathnames in suid/sgid programs, and disallows .. in pathnames which are relative to one of the system timezone locations, so there is no threat of opening a symlink which is not trusted by appropriate user. since some users may wish to put symbolic links in the zoneinfo directories to alias timezones, it seems preferable to allow this.
-rw-r--r--src/time/__map_file.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/time/__map_file.c b/src/time/__map_file.c
index b322f095..84ae839f 100644
--- a/src/time/__map_file.c
+++ b/src/time/__map_file.c
@@ -9,7 +9,7 @@ const char unsigned *__map_file(const char *pathname, size_t *size)
{
struct stat st;
const unsigned char *map = MAP_FAILED;
- int flags = O_RDONLY|O_LARGEFILE|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK;
+ int flags = O_RDONLY|O_LARGEFILE|O_CLOEXEC|O_NONBLOCK;
int fd = __syscall(SYS_open, pathname, flags);
if (fd < 0) return 0;
if (!__syscall(SYS_fstat, fd, &st))