Re: [RFC] Bug in mkdir(2)

Wolfgang Walter (wolfgang.walter@stusta.mhn.de)
Thu, 17 Jun 1999 08:17:31 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Tigran Aivazian: "Re: bunzip2 -c linux-2.2.10.tar.bz2 | untar -xvp"
Previous message: M.Brands: "Re: Resolution to UDMA performance issues on 2.0.36"
In reply to: Alan Cox: "Re: [RFC] Bug in mkdir(2)"

On Thu, Jun 17, 1999 at 12:43:50AM +0100, Alan Cox wrote:
> > > You can demonstrate the link following race for O_EXCL|O_CREAT is insoluble.
> >
> > Yes. But it is possible to reduce it to a practical minimal risk by using
> > a long enough really random filename and if this succeeds, to rename it to
> > the wished name.
>
> > For temporary files in /tmp which do not need a well known name it is probably
> > the best to just choose such real random numbers, anyway. This solves i.e.
> > often some denial of service attack possibilties. But this is my very private
> > opinion and this method seems not to be used often.
>
> What everyone else relies on is the modern unix guarantee that mkdir does
> not follow links. Whats more some packages test for this property and compile
> differently if the mkdir is sane. Linux packages assume it is sane, so we
> _must_ preserve this property

Yes, of course. I think mkdir should not follow symlinks. And open with
O_EXCL|O_CREAT should not, too. I just want to say that there is a way to
handle this situation in an acceptable form on systems which do follow
symlinks for mkdir or open(..,O_EXCL|O_CREAT).

Wolfgang Walter

>
> Alan
>

-- Veni, Vidi, VISA: I came, I saw, I did a little shopping.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Tigran Aivazian: "Re: bunzip2 -c linux-2.2.10.tar.bz2 | untar -xvp"
Previous message: M.Brands: "Re: Resolution to UDMA performance issues on 2.0.36"
In reply to: Alan Cox: "Re: [RFC] Bug in mkdir(2)"