"Eric W. Biederman" <ebied...@xmission.com> writes: > Kees Cook <k...@kernel.org> writes:
>> I'm not super comfortable doing this regardless of bprm->fdpath; that >> seems like too many cases getting changed. Can we just leave it as >> depending on bprm->fdpath? I was recommending that because I did not expect that there was any widespread usage of aliasing of binary names using symlinks. I realized today that on debian there are many aliases of binaries created with the /etc/alternatives mechanism. So there is much wider exposure to problems than I would have supposed. So I remove any objections to making the new code conditional on bprm->fdpath. Eric
