Function tauri_utils::platform::current_exe

source ·
pub fn current_exe() -> Result<PathBuf>
Expand description

Retrieves the currently running binary’s path, taking into account security considerations.

The path is cached as soon as possible (before even main runs) and that value is returned repeatedly instead of fetching the path every time. It is possible for the path to not be found, or explicitly disabled (see following macOS specific behavior).

§Platform-specific behavior

On macOS, this function will return an error if the original path contained any symlinks due to less protection on macOS regarding symlinks. This behavior can be disabled by setting the process-relaunch-dangerous-allow-symlink-macos feature, although it is highly discouraged.

§Security

If the above platform-specific behavior does not take place, this function uses the following resolution.

We canonicalize the path we received from std::env::current_exe to resolve any soft links. This avoids the usual issue of needing the file to exist at the passed path because a valid current executable result for our purpose should always exist. Notably, std::env::current_exe also has a security section that goes over a theoretical attack using hard links. Let’s cover some specific topics that relate to different ways an attacker might try to trick this function into returning the wrong binary path.

std::path::Path::canonicalize is used to resolve symbolic links to the original path, including nested symbolic links (link2 -> link1 -> bin). On macOS, any results that include a symlink are rejected by default due to lesser symlink protections. This can be disabled, although discouraged, with the process-relaunch-dangerous-allow-symlink-macos feature.

A Hard Link is a named entry that points to a file in the file system. On most systems, this is what you would think of as a “file”. The term is used on filesystems that allow multiple entries to point to the same file. The linked Hard Link Wikipedia page provides a decent overview.

In short, unless the attacker was able to create the link with elevated permissions, it should generally not be possible for them to hard link to a file they do not have permissions to - with exception to possible operating system exploits.

There are also some platform-specific information about this below.

§Windows

Windows requires a permission to be set for the user to create a symlink or a hard link, regardless of ownership status of the target. Elevated permissions users have the ability to create them.

§macOS

macOS allows for the creation of symlinks and hard links to any file. Accessing through those links will fail if the user who owns the links does not have the proper permissions on the original file.

§Linux

Linux allows for the creation of symlinks to any file. Accessing the symlink will fail if the user who owns the symlink does not have the proper permissions on the original file.

Linux additionally provides a kernel hardening feature since version 3.6 (30 September 2012). Most distributions since then have enabled the protection (setting fs.protected_hardlinks = 1) by default, which means that a vast majority of desktop Linux users should have it enabled. The feature prevents the creation of hardlinks that the user does not own or have read/write access to. See the patch that enabled this.