Re: Libc Realpath Buffer Underflow CVE-2018-1000001

[Jakub Wilk <jwilk () jwilk net>]

* halfdog <me () halfdog net>, 2018-01-11, 21:34:
> One of the weaknesses of Linux kernel is, that it is not fully POSIX 
> compliant

To clarify, POSIX deliberately doesn't have concepts of "kernel" or 
"system call"[*]. If you're debating POSIX compliance, you should take 
the whole system (kernel, libc, compiler, shell and what not...) into 
account.

That said, it's true that the current behavior of the getcwd() syscall, 
apart from being incredibly stupid, makes building a POSIX-compliant OS 
on top of the Linux kernel harder than it could be.


[*] http://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xbd_chap03.html#tag_21_03_00_77

--
Jakub Wilk