Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: files module improvements

X-seq: zsh-workers 2702
From: Zefram <zefram@xxxxxxxxxxxxxxxxx>
To: hzoli@xxxxxxxxxx (Zoltan Hidvegi)
Subject: Re: files module improvements
Date: Thu, 2 Jan 1997 11:16:34 +0000 (GMT)
Cc: zsh-workers@xxxxxxxxxxxxxxx (Z Shell workers mailing list)
In-reply-to: <199701020352.EAA05348@xxxxxxxxxxxxxxxxxxxx> from "Zoltan Hidvegi" at Jan 2, 97 04:52:58 am

Zoltan Hidvegi wrote:
>If chdir("..") succeeds it always go back where you started so it is as
>safe to use as fchdir.

Not true.  If a directory is moved, its .. changes.  One of the attacks
on /tmp-clearing cron jobs that has been proposed goes like

mkdir -p /tmp/a/b
# make large directory tree under /tmp/a/b
# wait for the cron job to start deleting under /tmp/a/b
mv /tmp/a/b /tmp/b

and when the rm does chdir("..") from b, thinking it is going back to
/tmp/a, it is actually entering /tmp.  It then does another
chdir(".."), trying to get back to /tmp, and actually enters /.

This attack can be detected (but not prevented entirely) by doing
stat(".") before entering a subdirectory, and after leaving it.  If the
two do not match, then the directory was moved while being cleared, and
the current directory could be pretty much anything -- rm would have to
abort.

-zefram

References:
- Re: files module improvements
  - From: Zoltan Hidvegi

Messages sorted by: Reverse Date, Date, Thread, Author