rm patch suggestion

From: Oystein Viggen
Subject: rm patch suggestion
Date: Mon, 06 May 2002 21:13:25 +0200
User-agent: Gnus/5.090007 (Oort Gnus v0.07) XEmacs/21.1 (Capitol Reef, i386-debian-linux)


I have made a small patch to rm, which I believe will work around the
problems wrt. translators placed by malicious or misguided users as
previously discussed on help-hurd.  In my first attempt to create such a
patch, I have favoured simplicity over advanced features, so it could
probably be done much better. 

With this patch, translators that present themselves as directories are
simply not touched by rm, beyond a necessary lstat(), and a warning
message is presented to the user.  I believe that the code already
present in rm to prevent symlink race attacks should also be enough to
prevent similar translator attacks.

dors:/tmp# mkdir dir
dors:/tmp# mkdir dir2
dors:/tmp# touch dir2/testfile
dors:/tmp# touch dir/to_be_deleted
dors:/tmp# settrans -c dir/null /hurd/null
dors:/tmp# settrans -c dir/firm /hurd/firmlink /tmp/dir2
dors:/tmp# ls dir/*
dir/null  dir/to_be_deleted

dors:/tmp# rm -Rf dir
rm: not removing directory translator `dir/firm'
rm: cannot remove directory `dir': Directory not empty
dors:/tmp# ls dir
dors:/tmp# ls dir2

Testfile and dir simulate /, $HOME, or whatever else you really don't
want to rm -Rf.  To delete "firm" it is necessary to settrans -fgap it
first.  (Obviously, the race condition is a bit hard to test properly,
but I guess it can be forced by placing a sleep() in a strategically
good place.  I have not done this, however.)

Any comments or suggestions are extremely welcome.  I'm likely to have
forgotten something important.

This message was brought to you by the letter ß and the number e.

Attachment: fileutils-4.1-rm-translator.patch
Description: Text Data
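
The message above refers to rm's existing protection against symlink races and suggests forcing the race with a sleep(). As an added illustration, not part of the message, the attached patch, or fileutils, the sketch below shows the general lstat-then-compare device/inode check on plain POSIX, with a hook standing in for the sleep(). It does not model Hurd translators; `open_dir_checked`, `swap_for_symlink`, `demo` and the temporary paths are hypothetical names constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
static char protected_dir[64];   /* constructed stand-in for / or $HOME */
/* Return an fd for `name` only if it is a real directory at lstat() time and
   the object opened afterwards has the same device/inode pair; else -1.
   `window` is a test hook run between check and open (the "sleep()" spot). */
int open_dir_checked(const char *name, void (*window)(const char *))
{
    struct stat before, after;
    if (lstat(name, &before) != 0 || !S_ISDIR(before.st_mode)) return -1;
    if (window) window(name);
    int fd = open(name, O_RDONLY | O_DIRECTORY);  /* follows symlinks, like chdir */
    if (fd < 0) return -1;
    if (fstat(fd, &after) != 0 || after.st_dev != before.st_dev
        || after.st_ino != before.st_ino) {
        close(fd);                       /* entry was swapped underneath us */
        return -1;
    }
    return fd;
}

/* Replace the checked directory with a symlink to the protected one. */
static void swap_for_symlink(const char *name)
{
    if (rmdir(name) != 0 || symlink(protected_dir, name) != 0)
        perror("swap");
}

/* Returns 0 if the unmodified directory is accepted and the swapped one refused. */
int demo(void)
{
    char base[] = "/tmp/rmraceXXXXXX", victim[64];
    if (!mkdtemp(base)) return -1;
    snprintf(victim, sizeof victim, "%s/dir", base);
    snprintf(protected_dir, sizeof protected_dir, "%s/dir2", base);
    if (mkdir(victim, 0700) != 0 || mkdir(protected_dir, 0700) != 0) return -1;
    int clean = open_dir_checked(victim, NULL);
    int raced = open_dir_checked(victim, swap_for_symlink);
    if (clean >= 0) close(clean);
    if (raced >= 0) close(raced);
    if (unlink(victim) != 0) rmdir(victim);
    rmdir(protected_dir); rmdir(base);
    return (clean >= 0 && raced < 0) ? 0 : 1;
}
int main(void) { return demo(); }
```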
