Bugtraq mailing list archives
Re: Race condition in "rm -r"
From: glynn () SENSEI CO UK (Glynn Clements)
Date: Mon, 8 May 2000 02:55:00 +0100
abs () mono org wrote:
Also affected: chmod, chown, chgrp. (Probably; this is guesswork.)... and every other program that modifies the filesystem in any way, unless it jumps through the same hoops. If, that is, you let them near directories with unsafe permissions. In the long term, there are three main options: 1. Abolish symlinks. This might be considered overkill, though. 2. Write every program as if it was a /tmp cleaner. I.e. never pass full pathnames to system calls, but chdir() down one level at a time from "/", [lf]stat()ing as you go and never following symlinks, then open("./filename"). In which case, you may as well abolish symlinks. 3. Don't do dangerous things in world-writable directories. Better still, get rid of world-writable directories altogether; it isn't that difficult. IOW, fix the bug, not the symptoms.4. Add an option to not traverse symlinks in system calls.
That seems somewhat like option 2, but with the code in the kernel or the standard library. There doesn't seem to be much point in having symlinks if programs religiously refuse to follow them.
Call realpath() on initial argument before setting.
Does that help any? I would have thought that it would suffer from exactly the same sort of race conditions. On a pre-emptive multi-tasking OS, any system call that returns information about shared structures (e.g. the filesystem) is returning information about the past, which may not match the present. -- Glynn Clements <glynn () sensei co uk>
Current thread:
- Re: Windows NT/95/98/Possible Others Denial of Service Attack. Mi crosoft ODBC Database connectivity flaw. Daniel Docekal (May 01)
- SuSE Security Announcement - aaa_base - UPDATE Marc Heuse (May 02)
- Race condition in "rm -r" Morten Welinder (May 03)
- Re: Race condition in "rm -r" Glynn Clements (May 06)
- Re: Race condition in "rm -r" David Brownlee (May 07)
- Re: Race condition in "rm -r" Glynn Clements (May 07)
- Re: Race condition in "rm -r" David Brownlee (May 08)
- Race condition in "rm -r" Morten Welinder (May 03)
- Re: Race condition in "rm -r" Alex Belits (May 07)
- Re: Race condition in "rm -r" Glynn Clements (May 07)
- SuSE Security Announcement - aaa_base - UPDATE Marc Heuse (May 02)
- Ipchains! Dimuthu Parussalla (May 07)
- Re: Ipchains! Paul D. Carlucci (May 10)
- Prevent Current and Future E-Mail Worms AXENT Security Team (May 12)
- Cisco Security Advisory: Cisco IOS HTTP Server Vulnerability Cisco Systems Product Security Incident Response Team (May 15)
- Contemplations : Melissa, I love you - not! Cerberus Security Team (May 08)
- June 2000 FIRST Conference Reminder Roger Safian (May 08)