Auto merge of #33526 - steveklabnik:gh21889, r=alexcrichton
Add some warnings to std::env::current_exe /cc #21889 @rust-lang/libs @semarie I started writing this up. I'm not sure if we want to go into other things and in what depth; we don't currently have a lot of security-specific documentation to model after. Thoughts?
This commit is contained in:
bors
GitHub
commit
a63e3fac8f
@ -493,6 +493,44 @@ pub fn temp_dir() -> PathBuf {
|
||||
/// that can fail for a good number of reasons. Some errors can include, but not
|
||||
/// be limited to, filesystem operations failing or general syscall failures.
|
||||
///
|
||||
/// # Security
|
||||
///
|
||||
/// The output of this function should not be used in anything that might have
|
||||
/// security implications. For example:
|
||||
///
|
||||
/// ```
|
||||
/// fn main() {
|
||||
/// println!("{:?}", std::env::current_exe());
|
||||
/// }
|
||||
/// ```
|
||||
///
|
||||
/// On Linux systems, if this is compiled as `foo`:
|
||||
///
|
||||
/// ```bash
|
||||
/// $ rustc foo.rs
|
||||
/// $ ./foo
|
||||
/// Ok("/home/alex/foo")
|
||||
/// ```
|
||||
///
|
||||
/// And you make a symbolic link of the program:
|
||||
///
|
||||
/// ```bash
|
||||
/// $ ln foo bar
|
||||
/// ```
|
||||
///
|
||||
/// When you run it, you won't get the original executable, you'll get the
|
||||
/// symlink:
|
||||
///
|
||||
/// ```bash
|
||||
/// $ ./bar
|
||||
/// Ok("/home/alex/bar")
|
||||
/// ```
|
||||
///
|
||||
/// This sort of behavior has been known to [lead to privledge escalation] when
|
||||
/// used incorrectly, for example.
|
||||
///
|
||||
/// [lead to privledge escalation]: http://securityvulns.com/Wdocument183.html
|
||||
///
|
||||
/// # Examples
|
||||
///
|
||||
/// ```
|
||||
|
||||
Loading…
Reference in New Issue
Block a user