Xref: utzoo comp.unix.wizards:9204 comp.sources.d:2265
Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!ames!oliveb!sun!limes@ouroborous
From: limes@ouroborous (Greg Limes)
Newsgroups: comp.unix.wizards,comp.sources.d
Subject: Re: Finding where an executable was run from -- a proposal.
Message-ID: <56052@sun.uucp>
Date: 10 Jun 88 04:35:24 GMT
References: <2272@isis.UUCP> <1889@mhres.mh.nl> <1263@basser.oz>
Sender: news@sun.uucp
Reply-To: limes@ouroborous (Greg Limes)
Followup-To: comp.unix.wizards
Organization: Sun Microsystems, Inc.
Lines: 50

GENERAL COMMENTS

First off, thanks in advance for not wiring the base directory into
the program anywhere; your application will fit nicely into a
networked workstation environment where the users may mount your
installed directory tree anywhere.

IGNORE THE ENVIRONMENT

Fancy environment variables are fine, but these fail in unexpected
ways; remember that the variable is blindly inherited across exec()
calls. Thus, if your program was started by a "make" (or similar
utility), you may get pointed to the wrong guy. Also, you may find
that a large number of installations will not support this special
new environment variable in any case.

FORGET MODIFYING THE KERNEL

Can you imagine trying to get all the Unix vendors together on this?
Can you imagine trying to get all the customers to upgrade? I know of
at least one major installation of Sun workstations that is still
running SunOS 3.2 Beta!

DUPLICATE exec()'s WORK

The only thing we can really count on (and even this not always) is
that, if we do the same kind of search that exec() does, we should
come up with the same destination. So, it looks like we will need to
scan the $PATH variable, looking for an executable called (argv[0]).

REMEMBER SYMBOLIC LINKS

Now, we probably want to find the directory, so toss in a readlink()
and you are there. Add error checking to taste, season well with lint.

FINGERPRINT THE DIRECTORY

To make this secure, fingerprint your directory. Make a read-only
file that is set-uid to a user id number that your EXECUTABLE knows
about, and put some data in the file so you are sure this is the
right fingerprint. If I were worried about making, say, GnuEmacs
"absolutely sure" of its start point, I would set up a "message of
the day", owned by (say) daemon, setuid, and read only. Make all your
critical files owned by and writable only by the same user. Joe
Hacker who duplicates the installation with the intention of changing
things around will be unable to duplicate the key file, and the
application will know that it has found an improper installation
directory. You may want to fingerprint each directory in the tree,
just in case someone gets fancy with mount points.

Anybody see any big holes here? (yea, a stupid question, I know...)

-- Greg Limes [limes@sun.com] frames to /dev/fb
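
The procedure described in the post above (repeat exec()'s $PATH search, resolve symbolic links, then check a fingerprint file in the directory found), as an added C example that is not part of the original post. The function names, the fingerprint file name, the owner uid and the magic string passed in are assumptions for illustration; realpath(), O_NOFOLLOW and the fstat() on the open descriptor are choices made here, not details from the post.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: repeat exec()'s lookup of argv0 and store the directory
 * of the real (symlink-resolved) file in dir. Returns 0 on success, else -1. */
int find_install_dir(const char *argv0, const char *path, char *dir, size_t n)
{
    char cand[PATH_MAX], real[PATH_MAX];
    struct stat st;
    int found = 0;
    const char *p = strchr(argv0, '/') ? NULL : (path ? path : "");
    if (!p) found = realpath(argv0, real) != NULL;   /* a slash bypasses $PATH */
    while (p && !found) {
        const char *end = strchr(p, ':');
        int len = end ? (int)(end - p) : (int)strlen(p);
        /* an empty $PATH element means the current directory */
        snprintf(cand, sizeof cand, "%.*s/%s", len ? len : 1, len ? p : ".", argv0);
        found = stat(cand, &st) == 0 && S_ISREG(st.st_mode)
             && access(cand, X_OK) == 0 && realpath(cand, real) != NULL;
        p = end ? end + 1 : NULL;
    }
    if (!found) return -1;
    return snprintf(dir, n, "%s", dirname(real)) < (int)n ? 0 : -1;
}

/* Hypothetical fingerprint check: regular file owned by the uid the program
 * knows, set-uid, writable by no one, starting with magic. fstat() runs on the
 * opened descriptor, so the file inspected is the file that is read. */
int fingerprint_ok(const char *dir, const char *name, uid_t owner, const char *magic)
{
    char file[PATH_MAX], buf[64];
    struct stat st;
    size_t mlen = strlen(magic);
    snprintf(file, sizeof file, "%s/%s", dir, name);
    int fd = open(file, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return 0;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == owner
          && (st.st_mode & S_ISUID) && !(st.st_mode & (S_IWUSR | S_IWGRP | S_IWOTH))
          && mlen <= sizeof buf && read(fd, buf, mlen) == (ssize_t)mlen
          && memcmp(buf, magic, mlen) == 0;
    close(fd);
    return ok;
}
```

A caller would pass argv[0] and getenv("PATH") to find_install_dir(), then refuse to use the directory unless fingerprint_ok() returns 1 for it.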