misc/150972: symbolic link bug

jhell jhell at DataIX.net
Sun Sep 26 20:50:08 UTC 2010 

The following reply was made to PR misc/150972; it has been noted by GNATS.

From: jhell <jhell at DataIX.net>
To: "Kevin K. Han" <ikevin.c11 at revvo.org>
Cc: freebsd-gnats-submit at freebsd.org
Subject: Re: misc/150972: symbolic link bug
Date: Sun, 26 Sep 2010 16:40:30 -0400

 On 09/26/2010 14:24, Kevin K. Han wrote:
 > Create a directory on the root folder, for example ("/whatever").
 
 I assume ``root'' creates this directory.
 
 > Switch to user's home directory ("cd /usr/home/username") ... from now onwards, work in this directory:
 
 This is a normal user account != uid/0
 
 > Create a symbolic link from inside a user's home ("ln -s /whatever .")
 
 If the above is true then this symlink is not uid/gid 0
 
 > Execute this: ("chown -R username:username whatever")
 
 You have now just given yourself permission to remove this folder, but
 ok lets continue.
 
 > Try to delete it using ("rm whatever")... it will say it is a directory. It is still not deleted!
 
 Ok ( rm whatever ) symlink gone and directory /whatever still exists.
 
 > Then, try to delete using ("rm -r -f whatever/"), no errormessage, BUT It is still there!
 
 rm -rf whatever/
 rm: whatever/: Permission denied
 ls -ld whatever
 lrwxr-x---  1 jhell  jhell  10 Sep 26 16:30 whatever -> /whatever/
 ls -ld /whatever
 drwxr-xr-x  2 jhell  jhell  512 Sep 26 16:23 /whatever
 
 > Then, again, try the same thing ("rm whatever")... It is GONE, INCLUDING the original at "/whatever" !!!
 
 rm whatever
 ls -ld whatever
 ls: whatever: No such file or directory
 ls -ld /whatever
 drwxr-xr-x  2 jhell  jhell  512 Sep 26 16:23 /whatever
 
 
 There is a different meaning for symlinks when you specify a trailing
 slash as where a rm /path/to/symlink and rm /path/to/symlink/ having
 different meanings and this can be expected and is proper use.
 
 When you did "( rm -r -f whatever/ )" you were actually telling rm to
 remove the /whatever directory instead of the symlink so as you went on
 you had never checked whether that directory was still there before you
 continued to try and remove the symlink.
 
 As a normal user you should not be able to remove /whatever even if it
 is owned by you.
 
 Are you using a ZFS filesystem or a UFS filesystem ?
 
 -- 
 
  jhell,v

More information about the freebsd-bugs mailing list