Date: Tue, 2 Aug 2005 09:29:37 +0300
From: Vasil Dimov <vd@datamax.bg>
To: diz@linuxpowered.com
Cc: freebsd-hackers@freebsd.org
Subject: Re: [patch] rc.d/tmp (silly mkdir usage)
Message-ID: <20050802062937.GA31485@sinanica.bg.datamax>
In-Reply-To: <51934.68.95.232.238.1122957425.squirrel@68.95.232.238>
References: <51934.68.95.232.238.1122957425.squirrel@68.95.232.238>

On Mon, Aug 01, 2005 at 11:37:05PM -0500, diz@linuxpowered.com wrote:
> Howdy hackers,
>
> I'm sorry for the previous patch, so here is at least one item that really
> bugs me that isn't obfuscation. In short, I don't see any reason to fork
> some process to simply "touch" a file (is a filesystem writable) when
> built-in shell i/o does this:
>
> --- /etc/rc.d/tmp.orig Mon Aug 1 23:20:24 2005
> +++ /etc/rc.d/tmp Mon Aug 1 23:22:07 2005
> @@ -48,8 +48,8 @@
> [Nn][Oo])
> ;;
> *)
> - if (/bin/mkdir -p /tmp/.diskless 2> /dev/null); then
> - rmdir /tmp/.diskless
> + if ( > /tmp/.diskless 2> /dev/null); then
> + rm /tmp/.diskless
> else
> if [ -h /tmp ]; then
> echo "*** /tmp is a symlink to a non-writable area!"
>

The thing you suggest is bloody insecure. Just imagine some baduser doing

    ln -s /etc/passwd /tmp/.diskless

before rc.d/tmp gets executed.

I guess this is the reason why directory creation is used instead of file
creation.

I just wonder why a new shell is forked for this test. Simply

    if /bin/mkdir -p /tmp/.diskless 2> /dev/null ; then

would do the same thing without forking a new shell that only executes
/bin/mkdir.

We can even use

    if [ -d /tmp -a -w /tmp ] ; then

or (which is equivalent)

    if [ -d /tmp ] && [ -w /tmp ] ; then

and save the execution of external commands (mkdir) and the directory
creation/deletion altogether.
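
Review bot: The added line "if ( > /tmp/.diskless 2> /dev/null); then" opens a fixed name in /tmp with a truncating redirection, and that open follows a symlink already present at that path, whereas the removed "/bin/mkdir -p" line never writes through one. The following added line, "rm /tmp/.diskless", removes only the link, so whatever the link pointed at stays truncated. Suggest a probe that creates nothing, such as "[ -d /tmp ] && [ -w /tmp ]", or keeping the mkdir form and dropping only the subshell parentheses, which the patch still retains.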
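
An added example, not part of the original message or of FreeBSD's rc.d/tmp: it runs the three writability probes discussed in this message against a scratch directory in which .diskless already exists as a symlink, and reports whether the link's target keeps its content. The function names, the sandbox layout and the sample file are constructed for the illustration.

```shell
#!/bin/sh
# Three ways to ask "is this directory writable?", compared in a sandbox
# where the probe name is already a symlink to another file.
PROBE=.diskless

# Patched form: a truncating redirect, which follows a symlink at $1/$PROBE.
probe_redirect() {
	if ( > "$1/$PROBE" ) 2> /dev/null; then
		rm -f "$1/$PROBE"	# removes the link only, never its target
		return 0
	fi
	return 1
}

# Original rc.d/tmp form, minus the subshell: mkdir fails on an existing
# non-directory and never opens the link target for writing.
probe_mkdir() {
	if mkdir -p "$1/$PROBE" 2> /dev/null; then
		rmdir "$1/$PROBE"
		return 0
	fi
	return 1
}

# test(1) form from the reply: creates no file system object at all.
probe_test() {
	[ -d "$1" ] && [ -w "$1" ]
}

# Build a scratch tree (constructed sample data), plant the symlink, run the
# probe named in $1, then print its verdict and the target's size in bytes.
victim_size_after() {
	sandbox=$(mktemp -d) || return 1
	mkdir "$sandbox/tmp"
	printf 'constructed sample content\n' > "$sandbox/victim"
	ln -s "$sandbox/victim" "$sandbox/tmp/$PROBE"
	if "$1" "$sandbox/tmp"; then verdict=writable; else verdict=not-writable; fi
	size=$(wc -c < "$sandbox/victim" | tr -d ' ')
	rm -rf "$sandbox"
	echo "$verdict $size"
}

for p in probe_redirect probe_mkdir probe_test; do
	printf '%-15s %s\n' "$p" "$(victim_size_after "$p")"
done
```

The mkdir probe leaves the target intact but reports the directory as not writable when the name is already taken, which is a further reason to prefer the test(1) form.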