bug-findutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bugs #11879] all mount-points lstat()-ed, but shouldn't be

From: James Youngman
Subject: [bugs #11879] all mount-points lstat()-ed, but shouldn't be
Date: Sun, 13 Feb 2005 10:20:21 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050210 Firefox/1.0 (Debian package 1.0+dfsg.1-6) 
Follow-up Comment #4, bugs #11879 (project findutils):

Dmitry, thanks for looking at this.



1. That hunk of test code existed only to place a marker in the strace
output.  It should have been removed earlier.  It would have leaked a file
descriptor!



2. You're right.  That exposes find to the very security problem that this
mechanism is supposed to fix!  Stupid me.  Fixed.  



3. Most of the checks in dafely_chdir_lstat() just relate to checking and
reporting problems with the lstat() results.  I believe that these checks are
no longer required, or do you believe I have missed something?  I have moved
complete_pending_execdirs() up into safely_chdir() though.  



Thanks for the very useful feedback.   I attach an updated patch.   The
updated patch is _really_ a patch afainst findutils 4.2.17, so it also
contains some minor changes to the find manpage which aren;t relevant here.


    _______________________________________________________

Additional Item Attachment:

File name: findutils-4.2.17-nofollow-try2.patch Size:24 KB
Second proposed fix (as patch against 4.2.17 release)
<http://savannah.gnu.org/bugs/download.php?item_id=11879&item_file_id=2187>

    _______________________________________________________

This item URL is:

  <http://savannah.gnu.org/bugs/?func=detailitem&item_id=11879>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]