The OpenNET Project
 


[linux-security] When a shell says no (clobber) it means maybe.


Date: Wed, 10 Feb 1999 00:01:56 GMT
From: Antonomasia <ant@notatla.demon.co.uk>
To: linux-security@redhat.com
Subject: [linux-security] When a shell says no (clobber) it means maybe.


As will be seen from these code fragments (and experiment) a noclobber
option in bash or pdksh (or ksh on AIX) will do limited clobbers.

1) They will clobber named pipes.
   (mknod /tmp/predicted p
       cat /tmp/predicted > $stolen
              cat $switched > /tmp/predicted ) &

2) They will clobber symlinks.
   ln -s /some/new/target /tmp/predicted

3) They can be raced.
      mkdir /tmp/predicted
      echo  "hoping stat() happens now:  returns 0 and non S_ISREG"
      mv /tmp/predicted /tmp/other
      ln -s /some/old/target  /tmp/predicted


Is there some reason (such as standards or a situation I've overlooked)
why they should do this and not say noclobber => O_EXCL, end of story?

exec.c from pdksh-5.2.12


  case IOWRITE:
        flags = O_WRONLY | O_CREAT | O_TRUNC;
        if (Flag(FNOCLOBBER) && !(iop->flag & IOCLOB)
            && (stat(cp, &statb) < 0 || S_ISREG(statb.st_mode)))
                flags |= O_EXCL;
        break;


execute_cmd.c from bash-1.14.7

          stat_result = stat (redirectee_word, &finfo);

          if ((stat_result == 0) && (S_ISREG (finfo.st_mode)))
            {
              free (redirectee_word);
              return (NOCLOBBER_REDIRECT);
            }

          /* If the file was not present, make sure we open it exclusively
             so that if it is created before we open it, our open will fail. */
          if (stat_result != 0)
            redirect->flags |= O_EXCL;

          fd = open (redirectee_word, redirect->flags, 0666);

          if ((fd < 0) && (errno == EEXIST))
            {
              free (redirectee_word);
              return (NOCLOBBER_REDIRECT);
            }
        }
      else
        {



--
##############################################################
# Antonomasia   ant@notatla.demon.co.uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
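
Added example (not part of the original message and not code from bash or pdksh): a C sketch of the stat()-then-open() check quoted above next to the unconditional O_EXCL open the message proposes, with item 3's directory-to-symlink swap replayed deterministically inside a private temporary directory. The names open_stat_check, open_excl, window_fn, swap_dir_for_symlink, victim_size_after and the /tmp/noclob* paths are assumptions of this example; the hook stands in for a concurrent process.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

typedef void (*window_fn)(const char *path); /* hypothetical race-window hook */
static char victim[64];                      /* constructed "old target" file */

/* Pattern quoted from the shells: O_EXCL only if absent or a regular file. */
static int open_stat_check(const char *path, window_fn window) {
    struct stat sb;
    int flags = O_WRONLY | O_CREAT | O_TRUNC;
    if (stat(path, &sb) < 0 || S_ISREG(sb.st_mode)) flags |= O_EXCL;
    if (window) window(path);   /* gap between the check and the open */
    return open(path, flags, 0666);
}

/* "noclobber => O_EXCL": atomic check-and-create, any existing name refused. */
static int open_excl(const char *path, window_fn window) {
    if (window) window(path);
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
}

/* Item 3 of the message: the directory becomes a symlink after stat(). */
static void swap_dir_for_symlink(const char *path) {
    if (rmdir(path) != 0 || symlink(victim, path) != 0) perror("swap");
}

/* Victim size after one redirect: 6 intact, 0 truncated, -1 setup error. */
static long victim_size_after(int (*opener)(const char *, window_fn)) {
    char dir[] = "/tmp/noclobXXXXXX", path[64];
    struct stat sb; FILE *f;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(path, sizeof path, "%s/predicted", dir);
    if (!(f = fopen(victim, "w")) || mkdir(path, 0700) != 0) return -1;
    fputs("secret", f); fclose(f);
    int fd = opener(path, swap_dir_for_symlink);
    if (fd >= 0) close(fd);
    long size = stat(victim, &sb) == 0 ? (long)sb.st_size : -1;
    unlink(path); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("stat-then-open leaves %ld bytes\n", victim_size_after(open_stat_check));
    printf("always-O_EXCL leaves %ld bytes\n", victim_size_after(open_excl));
    return 0;
}
```

The first call leaves the stand-in file at 0 bytes and the second leaves all 6, because open() with O_CREAT|O_EXCL fails with EEXIST on any existing name and does not follow a symlink in the final path component.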
