On Wed, Nov 27, 2002 at 01:04:04PM +1100, Paul Szabo wrote: > Back in March 2002, Wojciech Purczynski <cliph@isec.pl> wrote (original > article at http://online.securityfocus.com/archive/1/264117 ): > > > Name: Linux kernel > > Version: up to 2.2.20 and 2.4.18 > > ... > > In case of excessively long path names d_path kernel internal function > > returns truncated trailing components of a path name instead of an error > > value. As this function is called by getcwd(2) system call and > > do_proc_readlink() function, false information may be returned to > > user-space processes. > > The problem is still present in Debian 2.4.19 kernel. I have not tried 2.5, > but see nothing relevant in the Changelogs at http://www.kernel.org/ . FWIW, I've included a workaround for this (covering the getcwd(2) case only, not other uses of d_path() by the kernel or modules) in 2.2.21-ow1 patch and it went into 2.2.22 release in September. This kind of proves the need for double-checking newer kernel branches (2.4.x and 2.5.x currently) for fixes going into what many consider stable kernels. -- /sd
