rm patch suggestion
From: Oystein Viggen
Subject: rm patch suggestion
Date: Mon, 06 May 2002 21:13:25 +0200
User-agent: Gnus/5.090007 (Oort Gnus v0.07) XEmacs/21.1 (Capitol Reef, i386-debian-linux)

Hi

I have made a small patch to rm, which I believe will work around the
problems wrt. translators placed by malicious or misguided users as
previously discussed on help-hurd. In my first attempt to create such a
patch, I have favoured simplicity over advanced features, so it could
probably be done much better.

With this patch, translators that present themselves as directories are
simply not touched by rm, beyond a necessary lstat(), and a warning
message is presented to the user. I believe that the code already
present in rm to prevent symlink race attacks should also be enough to
prevent similar translator attacks.

Demonstration:

dors:/tmp# mkdir dir
dors:/tmp# mkdir dir2
dors:/tmp# touch dir2/testfile
dors:/tmp# touch dir/to_be_deleted
dors:/tmp# settrans -c dir/null /hurd/null
dors:/tmp# settrans -c dir/firm /hurd/firmlink /tmp/dir2
dors:/tmp# ls dir/*
dir/null dir/to_be_deleted
dir/firm:
testfile
dors:/tmp# rm -Rf dir
rm: not removing directory translator `dir/firm'
rm: cannot remove directory `dir': Directory not empty
dors:/tmp# ls dir
firm
dors:/tmp# ls dir2
testfile

Testfile and dir simulate /, $HOME, or whatever else you really don't
want to rm -Rf. To delete "firm" it is necessary to settrans -fgap it
first. (Obviously, the race condition is a bit hard to test properly,
but I guess it can be forced by placing a sleep() in a strategically
good place. I have not done this, however.)

Any comments or suggestions are extremely welcome. I'm likely to have
forgotten something important.

Oystein
--
This message was brought to you by the letter ß and the number e.
fileutils-4.1-rm-translator.patch
Description: Text Data
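
The lstat-then-verify pattern the message relies on for symlink races, as an added example (not the attached patch and not fileutils code). It uses a symlink on a POSIX system to stand in for the redirecting entry and does not detect Hurd translators; `enter_dir_checked` and `demo` are hypothetical names, and the directory layout is constructed to mirror the demonstration above.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `name` (relative to dirfd) for recursion only if lstat-style
   inspection says it is a real directory AND the object actually opened
   is the one that was inspected. Returns an fd, or -1 to skip the entry. */
int enter_dir_checked(int dirfd, const char *name)
{
    struct stat before, after;
    if (fstatat(dirfd, name, &before, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;
    if (!S_ISDIR(before.st_mode))       /* symlink, file, device, ... */
        return -1;
    int fd = openat(dirfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &after) != 0 || after.st_dev != before.st_dev
        || after.st_ino != before.st_ino) {   /* swapped between calls */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed layout: dir/real is a directory, dir/link points at dir2.
   Returns 1 if only dir/real would be descended into, -1 on setup error. */
int demo(void)
{
    char tmpl[] = "/tmp/rm-demo-XXXXXX";
    if (!mkdtemp(tmpl) || chdir(tmpl) != 0) return -1;
    if (mkdir("dir", 0700) || mkdir("dir2", 0700) || mkdir("dir/real", 0700)
        || symlink("../dir2", "dir/link")) return -1;
    int top = open("dir", O_RDONLY | O_DIRECTORY);
    int real = enter_dir_checked(top, "real");
    int link = enter_dir_checked(top, "link");
    int ok = (top >= 0 && real >= 0 && link == -1);
    if (real >= 0) close(real);
    if (top >= 0) close(top);
    unlink("dir/link"); rmdir("dir/real"); rmdir("dir"); rmdir("dir2");
    return (chdir("/") == 0 && rmdir(tmpl) == 0) ? ok : -1;
}

int main(void)
{
    puts(demo() == 1 ? "symlinked entry skipped" : "unexpected result");
    return 0;
}
```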