[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [patch] rc.d/tmp (silly mkdir usage)
- To: Vasil Dimov <vd_(_at_)_datamax_(_dot_)_bg>
- Subject: Re: [patch] rc.d/tmp (silly mkdir usage)
- From: Giorgos Keramidas <keramida_(_at_)_linux_(_dot_)_gr>
- Date: Tue, 2 Aug 2005 14:38:36 +0300
- Cc: freebsd-hackers_(_at_)_freebsd_(_dot_)_org
On 2005-08-02 14:05, Vasil Dimov <vd_(_at_)_datamax_(_dot_)_bg> wrote:
>On Tue, Aug 02, 2005 at 12:33:48PM +0300, Giorgos Keramidas wrote:
>>On 2005-08-02 09:29, Vasil Dimov <vd_(_at_)_datamax_(_dot_)_bg> wrote:
>>>> *)
>>>> - if (/bin/mkdir -p /tmp/.diskless 2> /dev/null); then
>>>> - rmdir /tmp/.diskless
>>>> + if ( > /tmp/.diskless 2> /dev/null); then
>>>> + rm /tmp/.diskless
>>>> else
>>>> if [ -h /tmp ]; then
>>>> echo "*** /tmp is a symlink to a non-writable area!"
>>>
>>> The thing you suggest is bloody insecure. Just imagine some baduser
>>> doing ln -s /etc/passwd /tmp/.diskless before rc.d/tmp gets executed.
>>> I guess this is the reason why directory creation is used instead of
>>> file creation.
>>>
>>> I just wonder why a new shell is forked for this test. Simply if
>>> /bin/mkdir -p /tmp/.diskless 2> /dev/null ; then would do the same
>>> thing without forking a new shell that only executes /bin/mkdir
>>
>> I think it's because the current shell is allowed to exit if a command
>> fails while a conditional test like this is run:
>>
>> if mkdir /tmp/foo; then
>> echo foo
>> rmdir /tmp/foo
>> fi
>>
>> and mkdir may fail.
>
> What do you mean by "allowed to exit"?
> sh -e?
You're right, of course. I forgot the script I was looking at had the -e
option enabled.
_______________________________________________
freebsd-hackers_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe_(_at_)_freebsd_(_dot_)_org"
Visit your host, monkey.org