[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rm patch suggestion

From: Oystein Viggen
Subject: Re: rm patch suggestion
Date: Tue, 07 May 2002 18:02:26 +0200
User-agent: Gnus/5.090007 (Oort Gnus v0.07) XEmacs/21.1 (Capitol Reef, i386-debian-linux)

* [Oystein Viggen] 

> I believe that the code already
> present in rm to prevent symlink race attacks should also be enough to
> prevent similar translator attacks.

Actually, I don't believe this anymore.

I guess that when you stat . in the root of a translator directory, you
are talking to the translator for the current file system, and not the
parent translator, right?

What rm currently does for safe (on Unix) recursion is mainly:

lstat directory
chdir directory
stat .
compare the the two stat results to make sure we are seeing the same

I believe it would be possible to attach a translator to the directory
in between the first stat and the chdir, and then have it return data to
the second stat that is crafted to look exactly like what you would get
from stat'ing the directory that it is attached to.

Modifying rm to use open() and fchdir() seems to be the only way to get
safe operation on the Hurd.

This message was generated by a horde of attack elephants armed with PRNGs.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]