[patch] rc.d/tmp (silly mkdir usage)
Giorgos Keramidas
keramida at linux.gr
Tue Aug 2 09:34:02 GMT 2005
On 2005-08-02 09:29, Vasil Dimov <vd at datamax.bg> wrote:
> > --- /etc/rc.d/tmp.orig Mon Aug 1 23:20:24 2005
> > +++ /etc/rc.d/tmp Mon Aug 1 23:22:07 2005
> > @@ -48,8 +48,8 @@
> > [Nn][Oo])
> > ;;
> > *)
> > - if (/bin/mkdir -p /tmp/.diskless 2> /dev/null); then
> > - rmdir /tmp/.diskless
> > + if ( > /tmp/.diskless 2> /dev/null); then
> > + rm /tmp/.diskless
> > else
> > if [ -h /tmp ]; then
> > echo "*** /tmp is a symlink to a non-writable area!"
>
> The thing you suggest is bloody insecure. Just imagine some baduser
> doing ln -s /etc/passwd /tmp/.diskless before rc.d/tmp gets executed.
> I guess this is the reason why directory creation is used instead of
> file creation.
>
> I just wonder why a new shell is forked for this test. Simply if
> /bin/mkdir -p /tmp/.diskless 2> /dev/null ; then would do the same
> thing without forking a new shell that only executes /bin/mkdir
I think it's because the current shell is allowed to exit if a command
fails while a conditional test like this is run:
if mkdir /tmp/foo; then
echo foo
rmdir /tmp/foo
fi
and mkdir may fail.
More information about the freebsd-hackers
mailing list