Re: Changes to the filesystem while find is running - comments?

From: Martin Buchholz
Subject: Re: Changes to the filesystem while find is running - comments?
Date: Tue, 23 Nov 2004 09:08:18 -0800
Solar Designer wrote:
> On Mon, Nov 22, 2004 at 10:05:04AM -0800, Martin Buchholz wrote:
>>Before a chdir to "foo", take stock:
>>- record stat(".");  DOTFD = open("."); (get a fd to ".")
>>- record stat("foo"); (make sure foo is a regular directory)
>>- chdir "foo"
>>- stat("."); compare dev, inode with recorded stat("foo")
>>- if different, we suspect either symlinks or automounter.
>>In this case, go back to original directory.
>>- if we have fchdir, then
>>  fchdir(DOTFD); and try again.  give up if we fail a second
>>  time.  This means that a very rare collision with an
>>  asynchronous symlink creation will not be fatal;
> This sounds reasonable.
>>- If we don't have fchdir, getting back to the parent might be
>>  tougher.  In the case of the automounter, we can do chdir(".."),
>>  then stat(".") and check that we're back in original directory.
>>  If that doesn't work, we chdir("/absolute/real/path/to/parent"),
>>  again stat(".") and compare dev/inode with saved stat of parent
>>  directory.
> That last fallback would be a security hole.  The long path to parent
> might have gotten intermediate directories replaced with symlinks to
> somewhere outside of the intended directory tree while we were running.

The idea is we would check that we've chdir'ed back to where we
expect, by comparing with the dev and inode of a stat buffer
we've saved.  Is there a risk relying on that check to detect
asynchronous modifications to the filesystem?


