Skip to content

Commit

Permalink
Auto merge of #33526 - steveklabnik:gh21889, r=alexcrichton
Browse files Browse the repository at this point in the history 
Add some warnings to std::env::current_exe

/cc #21889 @rust-lang/libs @semarie

I started writing this up. I'm not sure if we want to go into other things and in what depth; we don't currently have a lot of security-specific documentation to model after.

Thoughts?
  • Loading branch information
@bors
bors authored Jul 20, 2016
2 parents 48c2454 + c4730da commit a63e3fa
Showing 1 changed file with 38 additions and 0 deletions.
38 changes: 38 additions & 0 deletions src/libstd/env.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -493,6 +493,44 @@ pub fn temp_dir() -> PathBuf {
/// that can fail for a good number of reasons. Some errors can include, but not
/// be limited to, filesystem operations failing or general syscall failures.
///
/// # Security
///
/// The output of this function should not be used in anything that might have
/// security implications. For example:
///
/// ```
/// fn main() {
/// println!("{:?}", std::env::current_exe());
/// }
/// ```
///
/// On Linux systems, if this is compiled as `foo`:
///
/// ```bash
/// $ rustc foo.rs
/// $ ./foo
/// Ok("/home/alex/foo")
/// ```
///
/// And you make a symbolic link of the program:
///
/// ```bash
/// $ ln foo bar
/// ```
///
/// When you run it, you won't get the original executable, you'll get the
/// symlink:
///
/// ```bash
/// $ ./bar
/// Ok("/home/alex/bar")
/// ```
///
/// This sort of behavior has been known to [lead to privledge escalation] when
/// used incorrectly, for example.
///
/// [lead to privledge escalation]: http://securityvulns.com/Wdocument183.html
///
/// # Examples
///
/// ```
Expand Down

0 comments on commit a63e3fa

Please sign in to comment.