
List:       hurd-help
Subject:    Re: recursive commands
From:       nisse () lysator ! liu ! se (Niels Möller)
Date:       2002-03-26 17:25:19

Oystein Viggen <oysteivi@tihlde.org> writes:

> What is a safe way of chdir'ing into a users directory, avoiding races,
> anyway?  We can't just check that it's not a translator and then chdir,
> as that's racy.  How about opening any directory not owned by the user
> running rm with O_DIRECTORY|O_NOTRANS and then doing an fchdir?

In general, for safe directory traversal, fchdir is your friend. It
might be illustrative to compare with the recent security bug reports
on GNU fileutils. If I understood the issue correctly, rm -r will do
things like

  chdir("foo");
  delete stuff
  chdir("..");
  delete more stuff

That's bad if directories are moved around between the two chdir
calls. The right way to recurse is something like

  old = open(".");
  chdir("foo");
  delete stuff
  fchdir(old);
  delete more stuff

I've done some experiments, and it seems that if the open call
succeeded, then the later fchdir will *always* succeed as well, no
matter if the directory was rmdir:ed or chmod 0:ed in the mean time.

> #ifdef HAVE_TRANSLATORS, then.  I'm probably overdue for learning
> autoconf anyway.

Something like that. Or HAVE_O_NOTRANS, if that's what you want to
use.

Regards,
/Niels
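
An added example, written for this archive page and not code from the message above or from GNU fileutils: a recursive removal that descends through an opened descriptor and comes back with fchdir() on a descriptor saved before descending, and a constructed scenario in which the directory being traversed is moved one level up while the program is inside it, which is enough to make chdir("..") land in the wrong place. It is plain POSIX and does not use the Hurd-specific O_NOTRANS flag discussed in the thread; O_DIRECTORY|O_NOFOLLOW plays the "open, then fchdir" role instead. The scratch tree under $TMPDIR (or /tmp), its names, and the function names are all my own assumptions.

```c
/* Added example: "old = open("."); chdir(dir); ...; fchdir(old)" done for
 * real, plus the race it defends against.  Mine, not from the message or
 * from fileutils; POSIX only, no Hurd O_NOTRANS. */
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove "name" (relative to the current directory) and everything below it.
 * Returns 0 on success, -1 on any error. */
int delete_tree(const char *name)
{
    struct stat st;
    struct dirent *e;
    DIR *d;
    int fd, parent, ret = 0;

    /* Open the entry as a directory without following symlinks: a symlink
     * swapped in by another user is unlinked, never descended into. */
    fd = open(name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0) {
        if (lstat(name, &st) < 0)
            return errno == ENOENT ? 0 : -1;   /* vanished meanwhile: fine */
        return S_ISDIR(st.st_mode) ? -1 : unlink(name);
    }
    parent = open(".", O_RDONLY | O_DIRECTORY);   /* old = open(".") */
    if (parent < 0 || fchdir(fd) < 0) {           /* enter via the descriptor */
        if (parent >= 0) close(parent);
        close(fd);
        return -1;
    }
    close(fd);
    if ((d = opendir(".")) == NULL) {
        ret = -1;
    } else {
        while ((e = readdir(d)) != NULL)
            if (strcmp(e->d_name, ".") && strcmp(e->d_name, "..") &&
                delete_tree(e->d_name) < 0)
                ret = -1;
        closedir(d);
    }
    /* fchdir(old), not chdir(".."): we come back to where we really started,
     * even if the directory we stood in was moved while we were inside. */
    if (fchdir(parent) < 0)
        ret = -1;
    close(parent);
    return (ret == 0 && rmdir(name) < 0) ? -1 : ret;
}

/* Constructed scenario: stand in root/a/b, then move b to root/b (what a
 * hostile user can do while rm -r is inside).  chdir("..") now lands in root,
 * one level too high; fchdir() on the descriptor saved in root/a still lands
 * in root/a.  Returns 1 if that is observed and delete_tree() then removes the
 * whole scratch tree (including a symlink it must not follow), else 0. */
int fchdir_beats_dotdot(void)
{
    char root[128], a[160], b[160], b2[160], lnk[160];
    const char *tmp = getenv("TMPDIR");
    struct stat want, via_dotdot, via_fchdir;
    int start, saved = -1, ok = 0;

    snprintf(root, sizeof root, "%s/hurdhelp.XXXXXX", tmp ? tmp : "/tmp");
    if ((start = open(".", O_RDONLY | O_DIRECTORY)) < 0) return 0;
    if (mkdtemp(root) == NULL) { close(start); return 0; }
    snprintf(a, sizeof a, "%s/a", root);
    snprintf(b, sizeof b, "%s/a/b", root);
    snprintf(b2, sizeof b2, "%s/b", root);
    snprintf(lnk, sizeof lnk, "%s/lnk", root);
    if (mkdir(a, 0700) < 0 || mkdir(b, 0700) < 0 || symlink(a, lnk) < 0 ||
        chdir(a) < 0) goto out;

    saved = open(".", O_RDONLY | O_DIRECTORY);      /* old = open(".") in a */
    if (saved < 0 || fstat(saved, &want) < 0 || chdir("b") < 0) goto out;
    if (rename(b, b2) < 0) goto out;                /* the move happens here */

    if (chdir("..") < 0 || stat(".", &via_dotdot) < 0) goto out;
    if (fchdir(saved) < 0 || stat(".", &via_fchdir) < 0) goto out;
    ok = via_fchdir.st_ino == want.st_ino && via_fchdir.st_dev == want.st_dev &&
         via_dotdot.st_ino != want.st_ino;
out:
    if (saved >= 0) close(saved);
    if (fchdir(start) < 0) ok = 0;   /* back to the caller's directory */
    close(start);
    if (delete_tree(root) < 0 || lstat(root, &want) == 0) ok = 0;
    return ok;
}

int main(void)
{
    printf("fchdir wins the race: %s\n", fchdir_beats_dotdot() ? "yes" : "no");
    return 0;
}
```

The two things worth noticing: delete_tree() never calls chdir() on a path at all, only fchdir() on descriptors it opened itself, so a rename or a swapped-in symlink between the check and the use can at worst make a single rmdir() or unlink() fail; and in the race function the inode reached through ".." differs from the one reached through the saved descriptor, which is exactly the condition the message warns about.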

