[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bugs #11879] all mount-points lstat()-ed, but shouldn't be

From: James Youngman
Subject: [bugs #11879] all mount-points lstat()-ed, but shouldn't be
Date: Sun, 13 Feb 2005 10:20:21 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050210 Firefox/1.0 (Debian package 1.0+dfsg.1-6)

Follow-up Comment #4, bugs #11879 (project findutils):

Dmitry, thanks for looking at this.

1. That hunk of test code existed only to place a marker in the strace
output.  It should have been removed earlier.  It would have leaked a file

2. You're right.  That exposes find to the very security problem that this
mechanism is supposed to fix!  Stupid me.  Fixed.  

3. Most of the checks in dafely_chdir_lstat() just relate to checking and
reporting problems with the lstat() results.  I believe that these checks are
no longer required, or do you believe I have missed something?  I have moved
complete_pending_execdirs() up into safely_chdir() though.  

Thanks for the very useful feedback.   I attach an updated patch.   The
updated patch is _really_ a patch afainst findutils 4.2.17, so it also
contains some minor changes to the find manpage which aren;t relevant here.


Additional Item Attachment:

File name: findutils-4.2.17-nofollow-try2.patch Size:24 KB
Second proposed fix (as patch against 4.2.17 release)


This item URL is:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]