bug#21534: Bug in mkdir?!

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#21534: Bug in mkdir?!

From:	Sebastian Unger
Subject:	bug#21534: Bug in mkdir?!
Date:	Wed, 23 Sep 2015 16:02:11 +1200

Hi Paul,

First of all thanks for the exceptionally quick response & fix. The mode of the file system isn't so much a security feature but a reflection of its functionality: As you drop files into a particular area, they are moved somewhere else under the hood by the fuse. But given what you are saying about expecting issues like this with more tools, I may actually make directories readable to avoid issues.

You did get my name ever so slightly wrong in the patch, but if that's already committed, then don't bother with it.

Cheers,

Seb

On 23 September 2015 at 15:09, Paul Eggert <address@hidden> wrote:

Sebastian Unger wrote:

Why is it trying to open the directory
in the first place?

Security.

Apparently POSIX doesn't allow this level of paranoia for mkdir -p, so I removed it in the attached Gnulib patch, and this should appear in the next coreutils release.

A filesystem that doesn't let you read your own directory that you just created is likely to run into other problems like this -- i.e., the practice may introduce more security problems than it closes. But I digress.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#21534: Bug in mkdir?!, Sebastian Unger, 2015/09/22
- bug#21534: Bug in mkdir?!, Paul Eggert, 2015/09/22
  - bug#21534: Bug in mkdir?!, Sebastian Unger <=
    - bug#21534: Bug in mkdir?!, Paul Eggert, 2015/09/23

Prev by Date: bug#21534: Bug in mkdir?!
Next by Date: bug#21372: [PATCH v4] df: fix prioritize real mounts over bind mounts
Previous by thread: bug#21534: Bug in mkdir?!
Next by thread: bug#21534: Bug in mkdir?!
Index(es):
- Date
- Thread