| Summary: | Bug in link() and all other filename functions in linux emulator |
|---|---|
| Product: | Base System |
| Reporter: | Boris Nikolaus <boris> |
| Component: | i386 |
| Assignee: | Marcel Moolenaar <marcel> |
| Status: | Closed FIXED |
| Severity: | Affects Only Me |
| Priority: | Normal |
| Version: | Unspecified |
| Hardware: | Any |
| OS: | Any |
| Attachments: | |
Responsible Changed From-To: freebsd-bugs->marcel

The PR has been partially fixed, but has to linger around. Please file a PR for each individual problem in the future. For now, thanks!

State Changed From-To: open->closed

Fixed. Thanks...
1. The link() system call of the linux emulator does not perform filename translation (as symlink(), unlink(), ... do).
2. The filename translation functions do not check for enough memory when performing filename translation into the stack gap.
3. flock() doesn't check the type argument.
4. The linux emulator cannot handle long filenames.

Fix:

4. We should think about increasing SPARE_USRSPACE (/usr/include/sys/exec.h) to at least 2*(PATH_MAX+strlen("/compat/linux")) or use another method for filename translations.

1.+2.+3.: Apply the following patches in /usr/src/sys/i386/linux and call 'make install' in /usr/src/sys/modules/linux:

How-To-Repeat:

1. Create /compat/linux/etc/dummy and try to call link("/etc/dummy", "/etc/dummy2") within the linux emulation mode.
2. Calling open() with a long filename (>256 chars) will overwrite the signal trampoline code and (if the filename is really long) the ps(1) information.
3. Try to call flock(fd, 4711); within the linux emulation mode.
4. After applying the patches, open() with long filenames will return ENAMETOOLONG.
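The second and fourth problems in the report share one root cause: the "/compat/linux" prefix is prepended to a user-supplied path inside a fixed-size area without first checking that the result fits, so an overlong name runs past the gap into whatever sits after it. The following is an added example, not part of the PR and not FreeBSD's code, showing the bounds-checked form of that translation: the length check runs before any byte is written, and an overlong name is rejected with ENAMETOOLONG (the behaviour the report expects after its patches). The names `emul_translate`, `translate_into_gap`, `translate_name_of_length`, `gap_contents` and `spare_space_needed` are hypothetical; the 256-byte `GAP_SIZE` is a constructed stand-in chosen to match the ">256 chars" threshold mentioned in the report, and 1024 is used only as a sample PATH_MAX value.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EMUL_PREFIX "/compat/linux"  /* prefix named in the PR */
#define GAP_SIZE 256                 /* constructed: stands in for the stack gap */

/* Constructed stand-in for the stack gap the translated name is written into. */
static char gap[GAP_SIZE];

/*
 * Hardened translation: check the total length before writing anything.
 * Returns 0 on success or ENAMETOOLONG if prefix + path + NUL would not fit
 * in out[outlen]. The unchecked variant the PR describes copies first and
 * overruns whatever follows the gap (signal trampoline, ps(1) strings).
 */
int emul_translate(const char *path, char *out, size_t outlen)
{
    size_t plen = strlen(EMUL_PREFIX);
    size_t flen = strlen(path);

    if (plen + flen + 1 > outlen)
        return ENAMETOOLONG;
    memcpy(out, EMUL_PREFIX, plen);
    memcpy(out + plen, path, flen + 1);   /* flen + 1 copies the terminating NUL */
    return 0;
}

/* Translate into the fixed-size gap; returns the emul_translate() status. */
int translate_into_gap(const char *path)
{
    return emul_translate(path, gap, sizeof gap);
}

/* Translate a constructed name of `len` characters ("/AAAA...") into the gap. */
int translate_name_of_length(size_t len)
{
    char name[1024];

    if (len == 0 || len >= sizeof name)
        return EINVAL;                /* keep the constructed input itself in bounds */
    memset(name, 'A', len);
    name[0] = '/';
    name[len] = '\0';
    return translate_into_gap(name);
}

/* Contents of the gap after the last successful translation. */
const char *gap_contents(void)
{
    return gap;
}

/*
 * Space the PR's suggested SPARE_USRSPACE formula yields:
 * 2 * (PATH_MAX + strlen("/compat/linux")), i.e. room for two translated
 * names at once (link() and rename() take two paths).
 */
size_t spare_space_needed(size_t path_max)
{
    return 2 * (path_max + strlen(EMUL_PREFIX));
}

int main(void)
{
    if (translate_into_gap("/etc/dummy") == 0)
        printf("%s\n", gap_contents());            /* /compat/linux/etc/dummy */
    if (translate_name_of_length(300) == ENAMETOOLONG)
        printf("300-char name rejected with ENAMETOOLONG\n");
    printf("SPARE_USRSPACE for PATH_MAX=1024: %zu\n", spare_space_needed(1024));
    return 0;
}
```

The check is deliberately placed ahead of both memcpy() calls: a check after the prefix copy would still let the prefix overwrite the first 13 bytes beyond a too-small gap. Raising SPARE_USRSPACE, as the report's item 4 suggests, only moves the threshold; the explicit length check is what turns an overrun into an error return.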