bug-hurd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rm patch suggestion

From: Oystein Viggen
Subject: Re: rm patch suggestion
Date: Tue, 07 May 2002 22:50:13 +0200
User-agent: Gnus/5.090007 (Oort Gnus v0.07) XEmacs/21.1 (Capitol Reef, i386-debian-linux) 
* [Marcus Brinkmann] 

> On Tue, May 07, 2002 at 06:02:26PM +0200, Oystein Viggen wrote:
>  
>> Modifying rm to use open() and fchdir() seems to be the only way to get
>> safe operation on the Hurd.
>
> Yes, I think so.  At boot time, we have it easier because we know there are
> no other users.

I did some testing with O_NOFOLLOW, and it seems that this not much
better than an lstat and checking if (st_mode & S_ITRANS).

It seems that even if you open() a directory when it is not a
translator, and then fchdir() into it, you will still end up inside any
translator that is placed there in the meantime.  (I would expect to end
up within the underlying directory, but no such luck.)

This means that I can think of no safe way of changing into a directory
owned by an untrusted user involving only "Unix space".  (Is this even
desirable, or should we just accept it as a fact that traditional Unix
features are unable to deal with Hurd specific features?)

This makes Rolands suggestion of a safety translator sound all the more
tempting.  This is a bit beyond my abilities, however.

Oystein
-- 
If it ain't broke, don't break it.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]