Re: Fwd: [bug #17877] Invalid "No such file or directory" error on files
From: Jim Meyering
Subject: Re: Fwd: [bug #17877] Invalid "No such file or directory" error on filesystem without stable inode numbers
Date: Thu, 05 Oct 2006 16:24:10 +0200

Miklos Szeredi <address@hidden> wrote:
>> >> For example, consider the classic symlink attack.
>> >> We're not supposed to follow symlinks and our system lacks support
>> >> for open's O_NOFOLLOW flag. So we lstat the target directory,
>> >> determine that it is indeed a directory, then open it. But between
>> >> the lstat and the open, someone moved it aside and replaced it with
>> >> a symlink to another directory. The only way to detect that is to
>> >> compare dev/inode pairs before and after.
>> >
>> > OK, but for systems which do have O_NOFOLLOW, this isn't necessary and
>> > less efficient than just using O_NOFOLLOW. So can't this test be made
>> > conditional for systems lacking O_NOFOLLOW?
>>
>> For that one yes, but there is a more insidious attack.
>>
>> The case in which a partially processed (visited just once so far)
>> directory is renamed to reside at a different level in the file system
>
> You mean a directory that is an ancestor of the current directory, but
> a descendant of the root of find is moved?

Yes.

>> hierarchy must also be detected. There, O_NOFOLLOW doesn't help at all.
>> It can be detected upon traversing a ".." link only by comparing prior
>> and current dev/ino pairs.
>
> Shouldn't holding the current directory open prevent the ancestor from
> changing inodes in this case?

No.

What's changed is the identity (dev/inode) of the parent directory,
once you try to chdir("..") "up" beyond the renamed directory.
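
The two checks discussed in this message, written out as an added example; it is not code from this thread or from the project under discussion. The function names (`open_if_unchanged`, `open_dir_checked`, `chdir_up_checked`) are hypothetical, and the code assumes a filesystem with stable inode numbers.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Two stat results name the same object only if device AND inode match. */
static int same_file(const struct stat *a, const struct stat *b) {
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Open path and confirm the descriptor refers to what lstat() saw earlier.
 * Returns an fd, or -1 if the name was re-pointed in between. */
int open_if_unchanged(const char *path, const struct stat *seen) {
    struct stat now;
    int fd = open(path, O_RDONLY);   /* no O_NOFOLLOW: may follow a symlink */
    if (fd < 0)
        return -1;
    if (fstat(fd, &now) != 0 || !same_file(seen, &now)) {
        close(fd);                   /* opened something else: refuse it */
        return -1;
    }
    return fd;
}

/* lstat, require a real directory, then open with the dev/ino re-check. */
int open_dir_checked(const char *path) {
    struct stat seen;
    if (lstat(path, &seen) != 0 || !S_ISDIR(seen.st_mode))
        return -1;
    return open_if_unchanged(path, &seen);
}

/* Go up one level and verify we arrived in the directory recorded on the
 * way down. Returns 0 on match, -1 if ".." now leads somewhere else. */
int chdir_up_checked(const struct stat *expected_parent) {
    struct stat now;
    if (chdir("..") != 0 || stat(".", &now) != 0)
        return -1;
    return same_file(expected_parent, &now) ? 0 : -1;
}

int main(int argc, char **argv) {
    int fd = open_dir_checked(argc > 1 ? argv[1] : ".");
    puts(fd >= 0 ? "directory opened, identity verified" : "refused");
    return fd >= 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

On a filesystem that does not keep inode numbers stable, the same comparisons can fail even though nothing was renamed.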