[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: Re: [PATCH] bb_make_directory(): simplify and robustify
From: Rasmus Villemoes <rasmus.villemoes () prevas ! dk>
Date: 2020-03-16 7:51:25
Message-ID: 8a00e33b-3f57-7b9b-f086-e743f345a2e2 () prevas ! dk
[Download RAW message or body]
On 11/03/2020 13.22, Rasmus Villemoes wrote:
> For something like 'mkdir -m 0700 foo', if the caller happens to have
> a permissive umask (say allowing group write via 0007 or 0002), the
> created directory will temporarily have more permissions than
> requested. That's a mild security issue.
>
> This reworks bb_make_directory() to always create both intermediate
> and the final component with 0 permissions, then chmods to the final
> value.
Urgh, please ignore this patch. While it works as advertised, it may
break the case of two processes doing "mkdir -p a/b/c" and "mkdir -p
a/b/d" in parallel - if b is created by the first process, but not yet
chmod'ed, the second process will fail. So newly created intermediate
directories must be born with at least u+wx, which means there's no way
around umask fiddling :(
Rasmus
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic