On 08/10/12 09:10, Edward Pilatowicz wrote:
On Thu, Aug 02, 2012 at 04:20:50PM -0700, Brock Pytlik wrote:
Webrev:
https://cr.opensolaris.org/action/browse/pkg/bpytlik/7140372-v1
Bug:
7140372 Traceback on unexpected subdir in /etc/certs/CA/foo
For now, I think skipping directories is the right answer. If we
decide that's something we want to support, we can treat that as a
separate RFE.
looks correct to me. but is there any reason that we do the directory
check after failing to load certs? before we try to load certs we call
"islink(pth)" to skip links, why not check for directories and skip them
as well?
I wanted to minimize delta, so I didn't want to make the larger change
of using stat and looking at those properties. We need to check the link
before we open it for security reasons I think. On the other hand,
opening a directory doesn't have the same implications and is likely to
be very rare, hence treating it as an exception condition rather than
checking on every certificate we read.
Brock
ed
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
