From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 846 invoked from network); 2 Jan 1997 11:12:11 -0000 Received: from euclid.skiles.gatech.edu (list@130.207.146.50) by coral.primenet.com.au with SMTP; 2 Jan 1997 11:12:11 -0000 Received: (from list@localhost) by euclid.skiles.gatech.edu (8.7.3/8.7.3) id GAA27466; Thu, 2 Jan 1997 06:15:25 -0500 (EST) Resent-Date: Thu, 2 Jan 1997 06:15:25 -0500 (EST) From: Zefram Message-Id: <23838.199701021116@stone.dcs.warwick.ac.uk> Subject: Re: files module improvements To: hzoli@cs.elte.hu (Zoltan Hidvegi) Date: Thu, 2 Jan 1997 11:16:34 +0000 (GMT) Cc: zsh-workers@math.gatech.edu (Z Shell workers mailing list) In-Reply-To: <199701020352.EAA05348@hzoli.ppp.cs.elte.hu> from "Zoltan Hidvegi" at Jan 2, 97 04:52:58 am X-Loop: zefram@dcs.warwick.ac.uk X-Stardate: [-31]8667.34 X-US-Congress: Moronic fuckers Content-Type: text Resent-Message-ID: <"yPLIM1.0.2j6.CZvoo"@euclid> Resent-From: zsh-workers@math.gatech.edu X-Mailing-List: archive/latest/2702 X-Loop: zsh-workers@math.gatech.edu Precedence: list Resent-Sender: zsh-workers-request@math.gatech.edu Zoltan Hidvegi wrote: >If chdir("..") succeeds it always go back where you started so it is as >safe to use as fchdir. Not true. If a directory is moved, its .. changes. One of the attacks on /tmp-clearing cron jobs that has been proposed goes like mkdir -p /tmp/a/b # make large directory tree under /tmp/a/b # wait for the cron job to start deleting under /tmp/a/b mv /tmp/a/b /tmp/b and when the rm does chdir("..") from b, thinking it is going back to /tmp/a, it is actually entering /tmp. It then does another chdir(".."), trying to get back to /tmp, and actually enters /. This attack can be detected (but not prevented entirely) by doing stat(".") before entering a subdirectory, and after leaving it. If the two do not match, then the directory was moved while being cleared, and the current directory could be pretty much anything -- rm would have to abort. -zefram