bug-gnulib

Re: need opendir_safer, dirent--.h


From: Eric Blake
Subject: Re: need opendir_safer, dirent--.h
Date: Fri, 28 Aug 2009 09:37:10 -0700 (PDT)

> I think we need to implement opendir_safer, alongside all the other
> *_safer modules.  Otherwise, opendir can end up placing an open directory
> fd in one of the standard slots, and end up interfering with the intent of
> all the other *_safer wrappers.

And here's at least one use case where it matters:

$ find dir -mindepth 1 -ok echo {} \; <&-
< echo ... dir/sub > ? 
$ echo $?
0
$ oldfind dir -mindepth 1 -ok echo {} \; <&-
< echo ... dir/sub > ? oldfind: error closing file
$ echo $?
1

Oops - the fts-based version calls getline() while fd 0 is tied
to dir, while oldfind was successfully able to recognize that
fd 0 was unreadable.  And on platforms where reading a
directory returns data (yes, such fringe platforms still exist),
rather than my platform's choice that read(dir) returns EOF
without error, this could inadvertently end up executing the
-ok command based on whether the binary contents of the
directory resemble 'y'; at any rate, reading from a directory
fd can lead to all sorts of bad behavior.

I tried finding a use case with 'rm -ri <&-', but there, the query
of whether to descend occurs before the opendir, so fd 0 is
not tied to an open directory at that moment in time, and
the query fails because the read fails, so no further actions
are attempted.

I didn't try finding a case in tar, although I suspect it may
be possible to find one.

-- 
Eric Blake
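
The descriptor reuse behind the `find ... <&-` case above, as an added example that is not part of the original message and is not gnulib's code: with fd 0 closed, opendir() receives fd 0, while a wrapper moves the stream to fd 3 or higher. The names opendir_above_stdio and dirfd_with_stdin_closed are hypothetical, and a POSIX.1-2008 system with a native fdopendir() is assumed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* dirfd, fdopendir, F_DUPFD_CLOEXEC */
#endif
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical wrapper: return a directory stream whose descriptor is
   never 0, 1 or 2, so later reads of stdin cannot hit the directory. */
DIR *opendir_above_stdio(const char *name)
{
    DIR *dp = opendir(name);
    if (dp == NULL)
        return NULL;
    int fd = dirfd(dp);
    if (fd < 0 || fd > STDERR_FILENO)
        return dp;
    /* Landed in a standard slot: duplicate to the lowest free fd >= 3. */
    int newfd = fcntl(fd, F_DUPFD_CLOEXEC, STDERR_FILENO + 1);
    DIR *ndp = newfd < 0 ? NULL : fdopendir(newfd);
    int saved_errno = errno;
    if (ndp == NULL && newfd >= 0)
        close(newfd);
    closedir(dp);                 /* releases the low descriptor */
    errno = saved_errno;
    return ndp;
}

/* Close stdin as "<&-" does, open ".", report the descriptor that was
   handed out, then restore stdin. */
int dirfd_with_stdin_closed(int use_wrapper)
{
    int saved = fcntl(STDIN_FILENO, F_DUPFD, 3);  /* -1 if already closed */
    close(STDIN_FILENO);
    DIR *dp = use_wrapper ? opendir_above_stdio(".") : opendir(".");
    int fd = dp ? dirfd(dp) : -1;
    if (dp)
        closedir(dp);
    if (saved >= 0) {
        dup2(saved, STDIN_FILENO);
        close(saved);
    }
    return fd;
}

int main(void)
{
    printf("opendir: fd %d\n", dirfd_with_stdin_closed(0));
    printf("wrapper: fd %d\n", dirfd_with_stdin_closed(1));
    return 0;
}
```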
