From: Roman Perepelitsa <roman.perepelitsa@gmail.com>
To: Bart Schaefer <schaefer@brasslantern.com>
Cc: Zsh hackers list <zsh-workers@zsh.org>
Subject: Re: [patch] Avoid race in zf_mkdir
Date: Sat, 10 Oct 2020 13:50:20 +0200 [thread overview]
Message-ID: <CAN=4vMpuSaF6BDhhUP=tnvDDMTN=iKExkmtb5QgtoeCqN_9D3g@mail.gmail.com> (raw)
In-Reply-To: <CAH+w=7ZfkwJY6a1LzR3n=LsOmB21WKUZMXfNzXN1hNDFpdeG2w@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 884 bytes --]
On Fri, Oct 9, 2020 at 11:27 PM Bart Schaefer <schaefer@brasslantern.com> wrote:
>
> The document linked by Matthew asserts that "mkdir -m mode" should behave "as if" chmod() is called after creating the directory.
This applies only when mkdir creates a directory but not when the
directory already existed prior to the call. Here's the relevant part:
Each dir operand that names an existing directory shall be ignored
without error.
On Fri, Oct 9, 2020 at 11:40 PM Matthew Martin <phy1729@gmail.com> wrote:
>
> For a sufficiently well timed attacker, the target could be created and
> deleted so that this loop never exits. Even if pathological, I don't
> think it should be possible for mkdir to loop forever.
Perhaps try N times instead of forever? The patch you've posted uses N
= 1 (which is already better than the existing code) but it can be any
other number.
Roman.
[-- Attachment #2: mkdir-patch-v2.txt --]
[-- Type: text/plain, Size: 929 bytes --]
diff --git a/Src/Modules/files.c b/Src/Modules/files.c
index 6d20e38a8..5a58ad600 100644
--- a/Src/Modules/files.c
+++ b/Src/Modules/files.c
@@ -122,19 +122,29 @@ domkdir(char *nam, char *path, mode_t mode, int p)
{
int err;
mode_t oumask;
+ struct stat st;
+ int n = 8;
char const *rpath = unmeta(path);
- if(p) {
- struct stat st;
-
- if(!stat(rpath, &st) && S_ISDIR(st.st_mode))
+ while(n--) {
+ oumask = umask(0);
+ err = mkdir(rpath, mode) ? errno : 0;
+ umask(oumask);
+ if (!err)
+ return 0;
+ if(!p || err != EEXIST)
+ break;
+ if(!stat(rpath, &st)) {
+ if(errno == ENOENT)
+ continue;
+ err = errno;
+ break;
+ }
+ if(S_ISDIR(st.st_mode))
return 0;
+ break;
}
- oumask = umask(0);
- err = mkdir(rpath, mode) ? errno : 0;
- umask(oumask);
- if(!err)
- return 0;
+
zwarnnam(nam, "cannot make directory `%s': %e", path, err);
return 1;
}
next prev parent reply other threads:[~2020-10-10 11:50 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-09 20:07 Matthew Martin
2020-10-09 20:24 ` Bart Schaefer
2020-10-09 20:35 ` Roman Perepelitsa
2020-10-09 20:47 ` Bart Schaefer
2020-10-09 20:53 ` Matthew Martin
2020-10-09 21:22 ` Roman Perepelitsa
2020-10-09 21:27 ` Bart Schaefer
2020-10-10 11:50 ` Roman Perepelitsa [this message]
2020-10-15 10:01 ` Roman Perepelitsa
2020-10-15 15:29 ` Bart Schaefer
2020-10-15 15:36 ` Roman Perepelitsa
2020-10-15 16:47 ` Bart Schaefer
2020-10-22 13:30 ` Roman Perepelitsa
2020-10-09 21:40 ` Matthew Martin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAN=4vMpuSaF6BDhhUP=tnvDDMTN=iKExkmtb5QgtoeCqN_9D3g@mail.gmail.com' \
--to=roman.perepelitsa@gmail.com \
--cc=schaefer@brasslantern.com \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).