[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: recursive commands

From: Niels Möller
Subject: Re: recursive commands
Date: 26 Mar 2002 18:25:19 +0100
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1

Oystein Viggen <> writes:

> What is a safe way of chdir'ing into a users directory, avoiding races,
> anyway?  We can't just check that it's not a translator and then chdir,
> as that's racey.  How about opening any directory not owned by the user
> running rm with O_DIRECTORY|O_NOTRANS and then doing an fchdir?

In general, for safe directory traversal, fchdir is your friend. It
might be illustrative to compare with the recent security bug reports
on GNU fileutils. If I understood the issue correctly, rm -r will do
things like

  delete stuff
  delete more stuff

That's bad if directories are moved around between the two chdir
calls. The right way to recurse is something like

  old = open(".");
  delete stuff
  delete more stuff

I've done some experiments, and it seems that if the open call
succeeded, then the later fchdir will *always* succeed as well, no
matter if the directory was rmdir:ed or chmod 0:ed in the mean time.

> #ifdef HAVE_TRANSLATORS, then.  I'm probably overdue for learning
> autoconf anyway.

Something like that. Or HAVE_O_NOTRANS, if that's what you want to


reply via email to

[Prev in Thread] Current Thread [Next in Thread]