Re: recursive commands
From: Niels Möller
Subject: Re: recursive commands
Date: 26 Mar 2002 18:25:19 +0100
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1
Oystein Viggen <oysteivi@tihlde.org> writes:
> What is a safe way of chdir'ing into a user's directory, avoiding races,
> anyway? We can't just check that it's not a translator and then chdir,
> as that's racey. How about opening any directory not owned by the user
> running rm with O_DIRECTORY|O_NOTRANS and then doing an fchdir?
In general, for safe directory traversal, fchdir is your friend. It
might be illustrative to compare with the recent security bug reports
on GNU fileutils. If I understood the issue correctly, rm -r will do
things like
chdir("foo");
delete stuff
chdir("..");
delete more stuff
That's bad if directories are moved around between the two chdir
calls. The right way to recurse is something like
old = open(".");
chdir("foo");
delete stuff
fchdir(old);
delete more stuff
I've done some experiments, and it seems that if the open call
succeeded, then the later fchdir will *always* succeed as well, no
matter if the directory was rmdir:ed or chmod 0:ed in the meantime.
> #ifdef HAVE_TRANSLATORS, then. I'm probably overdue for learning
> autoconf anyway.
Something like that. Or HAVE_O_NOTRANS, if that's what you want to
use.
Regards,
/Niels
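The two recursion patterns from the mail, side by side, as an added example that is not part of the original message or of GNU fileutils. It builds a throwaway tree base/foo and base/elsewhere under /tmp (a constructed fixture; the path template and the O_DIRECTORY flag are assumptions), descends into "foo", then simulates the race by renaming "foo" under "elsewhere" while the process is still inside it. Both chdir("..") and fchdir(old) return 0 afterwards; only the fchdir() variant lands back in the directory it started from, which the code checks by comparing device and inode numbers.

```c
#define _GNU_SOURCE          /* mkdtemp, O_DIRECTORY */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define PATHLEN 4096         /* path buffer size for the constructed tree (assumption) */

/* Create base/foo and base/elsewhere under a fresh temporary directory.
   Fills 'base' with the directory name; returns 0 on success. */
static int make_tree(char *base, size_t len) {
    char tmpl[] = "/tmp/fchdir-demo-XXXXXX";   /* constructed fixture location */
    char sub[PATHLEN];
    if (mkdtemp(tmpl) == NULL) return -1;
    snprintf(base, len, "%s", tmpl);
    snprintf(sub, sizeof sub, "%s/foo", base);
    if (mkdir(sub, 0700) != 0) return -1;
    snprintf(sub, sizeof sub, "%s/elsewhere", base);
    if (mkdir(sub, 0700) != 0) return -1;
    return 0;
}

/* Tear the tree down again. After the simulated race "foo" lives under
   "elsewhere", so both locations are tried. */
static void remove_tree(const char *base) {
    char sub[PATHLEN];
    if (chdir("/") != 0) return;     /* never rmdir the directory we stand in */
    snprintf(sub, sizeof sub, "%s/elsewhere/foo", base); rmdir(sub);
    snprintf(sub, sizeof sub, "%s/foo", base);           rmdir(sub);
    snprintf(sub, sizeof sub, "%s/elsewhere", base);     rmdir(sub);
    rmdir(base);
}

/* 1 if the current directory is the same object as 'ref' (same dev + inode). */
static int same_dir(const struct stat *ref) {
    struct stat st;
    if (stat(".", &st) != 0) return 0;
    return st.st_dev == ref->st_dev && st.st_ino == ref->st_ino;
}

/* Descend into "foo", suffer a concurrent rename, and come back up.
   use_fchdir == 0 reproduces the chdir("..") pattern from the mail,
   use_fchdir == 1 the open(".") + fchdir(old) pattern.
   Returns 1 if the process ends up back in the directory it started in. */
static int traverse(const char *base, int use_fchdir) {
    struct stat start;
    char from[PATHLEN], to[PATHLEN];
    int old = -1, back, ok = 0;

    if (chdir(base) != 0 || stat(".", &start) != 0) return 0;
    /* Safe variant: keep a handle on the starting directory itself. */
    if (use_fchdir && (old = open(".", O_RDONLY | O_DIRECTORY)) < 0) return 0;
    if (chdir("foo") != 0) goto out;

    /* "delete stuff" would happen here. Meanwhile another party moves the
       directory we are standing in; the kernel allows this. */
    snprintf(from, sizeof from, "%s/foo", base);
    snprintf(to, sizeof to, "%s/elsewhere/foo", base);
    if (rename(from, to) != 0) goto out;

    /* Both calls succeed. chdir("..") now resolves relative to the moved
       "foo" and lands in base/elsewhere; fchdir(old) goes back to base. */
    back = use_fchdir ? fchdir(old) : chdir("..");
    ok = (back == 0) && same_dir(&start);
out:
    if (old >= 0) close(old);
    return ok;
}

/* Run one scenario on a fresh tree: 1 = returned to start, 0 = went astray,
   -1 = could not build the fixture. */
int run_scenario(int use_fchdir) {
    char base[PATHLEN];
    int r;
    if (make_tree(base, sizeof base) != 0) return -1;
    r = traverse(base, use_fchdir);
    remove_tree(base);
    return r;
}

int main(void) {
    printf("chdir(\"..\") returns to start: %d\n", run_scenario(0));
    printf("fchdir(old)  returns to start: %d\n", run_scenario(1));
    return 0;
}
```

The rename is done by the same process purely to make the race deterministic; in the real case it is another user moving directories while rm -r is inside them. Comparing st_dev/st_ino rather than path strings is what makes the check meaningful, since the path "." is exactly what the race falsifies.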