Date: Tue, 2 Aug 2005 12:33:48 +0300 From: Giorgos Keramidas <keramida@linux.gr> To: Vasil Dimov <vd@datamax.bg> Cc: freebsd-hackers@freebsd.org Subject: Re: [patch] rc.d/tmp (silly mkdir usage) Message-ID: <20050802093348.GC1307@beatrix.daedalusnetworks.priv> In-Reply-To: <20050802062937.GA31485@sinanica.bg.datamax> References: <51934.68.95.232.238.1122957425.squirrel@68.95.232.238> <20050802062937.GA31485@sinanica.bg.datamax>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2005-08-02 09:29, Vasil Dimov <vd@datamax.bg> wrote: > > --- /etc/rc.d/tmp.orig Mon Aug 1 23:20:24 2005 > > +++ /etc/rc.d/tmp Mon Aug 1 23:22:07 2005 > > @@ -48,8 +48,8 @@ > > [Nn][Oo]) > > ;; > > *) > > - if (/bin/mkdir -p /tmp/.diskless 2> /dev/null); then > > - rmdir /tmp/.diskless > > + if ( > /tmp/.diskless 2> /dev/null); then > > + rm /tmp/.diskless > > else > > if [ -h /tmp ]; then > > echo "*** /tmp is a symlink to a non-writable area!" > > The thing you suggest is bloody insecure. Just imagine some baduser > doing ln -s /etc/passwd /tmp/.diskless before rc.d/tmp gets executed. > I guess this is the reason why directory creation is used instead of > file creation. > > I just wonder why a new shell is forked for this test. Simply if > /bin/mkdir -p /tmp/.diskless 2> /dev/null ; then would do the same > thing without forking a new shell that only executes /bin/mkdir I think it's because the current shell is allowed to exit if a command fails while a conditional test like this is run: if mkdir /tmp/foo; then echo foo rmdir /tmp/foo fi and mkdir may fail.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050802093348.GC1307>