Date: Fri, 22 May 2009 21:43:39 +0100 From: Mircea Danila Dumitrescu <venatir@xss.ro> To: Vlad GALU <dudu@dudu.ro> Cc: freebsd-fs@freebsd.org Subject: Re: *stat()-ing symlinks with trailing slashes Message-ID: <630D6689-F9BD-4182-808F-8239D8B778D6@xss.ro> In-Reply-To: <ad79ad6b0905221258n2301050ewe31116104ad700cd@mail.gmail.com> References: <ad79ad6b0905220941i138fd5cch61b0ab46e89c43fd@mail.gmail.com> <ad79ad6b0905221258n2301050ewe31116104ad700cd@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi all, Basically here it's what happens: ------------ macmac:test123 venatir$ >./file macmac:test123 venatir$ stat ./file 234881026 4995340 -rw-r--r-- 1 venatir wheel 0 0 "May 22 21:35:18 2009" "May 22 21:35:18 2009" "May 22 21:35:18 2009" "May 22 21:35:18 2009" 4096 0 0 ./file macmac:test123 venatir$ stat ./file/ stat: ./file/: stat: Not a directory macmac:test123 venatir$ ln -s ./file ./link macmac:test123 venatir$ stat ./link 234881026 4995349 lrwxr-xr-x 1 venatir wheel 0 6 "May 22 21:35:36 2009" "May 22 21:35:36 2009" "May 22 21:35:36 2009" "May 22 21:35:36 2009" 4096 8 0 ./link macmac:test123 venatir$ stat ./link/ 234881026 4995340 -rw-r--r-- 1 venatir wheel 0 0 "May 22 21:35:18 2009" "May 22 21:35:18 2009" "May 22 21:35:18 2009" "May 22 21:35:18 2009" 4096 0 0 ./link/ macmac:test123 venatir$ ------------ This is on OS X 10.5.7, but it has the exact same behavior on FreeBSD. It does not seem to cause so many problems unless some program checks if a path is a directory or a file. Lighttpd checks a link with a trailing slash and it thinks it's a directory, because it does not get ENOTDIR as a normal file returns. Of course, if you read what stat returns, you can see it is not a directory, but it's an inconsistency between links and normal files and they started to put linux on a pedestal :P, which hurts my BSD pride. The final behavior for the web server is that you have any cgi script (php, ruby, bash or even an elf file) and that script is a link, you can just put a trailing slash after it and get the source. And I bet there are other affected software out there, but we just have not discovered the bugs ... yet. Mircea Danila Dumitrescu IT Contractor XSS Consultancy LTD venatir@xss.ro m: 00447543670304 m: 00447904550241 On 22 May 2009, at 20:58, Vlad GALU wrote: > On 5/22/09, Vlad GALU <dudu@dudu.ro> wrote: >> -- cut here -- >> root@goofy / # rm -f passwd >> root@goofy / # ln -s /etc/passwd passwd >> root@goofy / # stat passwd >> 74 3 lrwxr-xr-x 1 root wheel 1668572463 11 "May 22 19:34:17 2009" >> "May >> 22 19:34:17 2009" "May 22 19:34:17 2009" "May 22 19:34:17 2009" >> 4096 0 >> 0 passwd >> root@goofy / # stat passwd/ >> 74 95688 -rw-r--r-- 1 root wheel 393192 2158 "May 21 09:27:10 2009" >> "May 21 09:27:10 2009" "May 22 17:25:49 2009" "Apr 7 13:05:32 2008" >> 4096 8 0 passwd/ >> root@goofy / # >> -- and here -- >> >> stat(1) is smart enough to figure out that my /passwd is a symlink >> then calls lstat() on it, thus returning the struct stat >> corresponding >> to /etc/passwd >> However, there's http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/ >> 21768 >> >> vfs_lookup.c has this piece of code: >> -- cut here -- >> /* >> * Check for bogus trailing slashes. >> */ >> if (trailing_slash && dp->v_type != VDIR) { >> error = ENOTDIR; >> goto bad2; >> } >> -- and here -- >> >> I've CC-ed my friend Mircea Danila, who noticed this behavior with >> lighttpd. >> As my friend Mircea Danila, who I've CC-ed found out, lighttpd >> mistakenly treats >> > > So, to finish my idea, since I wasn't previously able to write a fully > coherent mail, the behavior is that lighttpd returns the full source > of scripts, instead of executing them, when they're symlinks and when > the GET requests has a trailing "/". When there's no trailing slash, > they get executed, as expected. The lighttpd devs say that, due to > stat() not returning ENOTDIR, they simply try to list the content. > > Unfortunately I haven't dug any deeper into this, but merely proxied > the symptoms from Mircea to this list. He should be able to provide > more input on request.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?630D6689-F9BD-4182-808F-8239D8B778D6>