[physfs] PHYSFS_mkdir() fixes.
David Hedbor
david at hedbor.org
Wed Mar 19 03:20:22 EST 2003
"Ryan C. Gordon" <icculus at clutteredmind.org> writes:
> The latest CVS of physfs has some important mkdir fixes.
>
> First, this case would fail:
>
> If you have a write dir of /home/user/mygame" and wanted
> to create "data/savegames/" under that when neither exist,
>
> PHYSFS_mkdir("/data/savegames"); would fail, because the security
> verifier would throw up when it saw "data" didn't exist. This isn't
> actually a security violation, but a convenient place to optimize; why
> keep looking for security violations in pathnames that don't exist?
>
> The problem is that mkdir won't create those paths in the first place
> until the security verifier approves it. Now we can tell the verifier to
> ignore missing paths and just keep checking for things like ".." and such.
>
> This case failed, too, if "data" already existed, since the platform
> drivers's "mkdir" implementation considers it an error to create a dir
> that already exists, so PHYSFS_mkdir() would fail without creating the
> "savegames" dir. Now we check if the path element exists (and is a dir!)
> before trying to create it, and skip to the next path element if it's
> already kosher.
>
> Anyone using physfs is encouraged to upgrade if they use PHYSFS_mkdir().
So, does it handle this case correctly:
foo.zip contains directory /foo/
write_path doesn't
user wants to mkdir(/foo/bar/)
I assume it checks for the existance of the directory/ies in the write
path only?
--
[ Below is a random fortune, which is unrelated to the above message. ]
You have an unusual understanding of the problems of human relationships.
More information about the physfs
mailing list