Date: Tue, 2 Aug 2005 16:28:26 +0300 From: Vasil Dimov <vd@datamax.bg> To: Giorgos Keramidas <keramida@linux.gr> Cc: freebsd-hackers@freebsd.org Subject: Re: [patch] rc.d/tmp (silly mkdir usage) Message-ID: <20050802132826.GB23261@sinanica.bg.datamax> In-Reply-To: <20050802113836.GA2077@beatrix.daedalusnetworks.priv> References: <51934.68.95.232.238.1122957425.squirrel@68.95.232.238> <20050802062937.GA31485@sinanica.bg.datamax> <20050802093348.GC1307@beatrix.daedalusnetworks.priv> <20050802110522.GA85997@sinanica.bg.datamax> <20050802113836.GA2077@beatrix.daedalusnetworks.priv>
next in thread | previous in thread | raw e-mail | index | archive | help
--XOIedfhf+7KOe/yw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Aug 02, 2005 at 02:38:36PM +0300, Giorgos Keramidas wrote:
> On 2005-08-02 14:05, Vasil Dimov <vd@datamax.bg> wrote:
> >On Tue, Aug 02, 2005 at 12:33:48PM +0300, Giorgos Keramidas wrote:
> >>On 2005-08-02 09:29, Vasil Dimov <vd@datamax.bg> wrote:
> >>>> *)
> >>>> - if (/bin/mkdir -p /tmp/.diskless 2> /dev/null); then
> >>>> - rmdir /tmp/.diskless
> >>>> + if ( > /tmp/.diskless 2> /dev/null); then
> >>>> + rm /tmp/.diskless
> >>>> else
> >>>> if [ -h /tmp ]; then
> >>>> echo "*** /tmp is a symlink to a non-writabl=
e area!"
> >>>
> >>> The thing you suggest is bloody insecure. Just imagine some baduser
> >>> doing ln -s /etc/passwd /tmp/.diskless before rc.d/tmp gets executed.
> >>> I guess this is the reason why directory creation is used instead of
> >>> file creation.
> >>>
> >>> I just wonder why a new shell is forked for this test. Simply if
> >>> /bin/mkdir -p /tmp/.diskless 2> /dev/null ; then would do the same
> >>> thing without forking a new shell that only executes /bin/mkdir
> >>
> >> I think it's because the current shell is allowed to exit if a command
> >> fails while a conditional test like this is run:
> >>
> >> if mkdir /tmp/foo; then
> >> echo foo
> >> rmdir /tmp/foo
> >> fi
> >>
> >> and mkdir may fail.
> >
> > What do you mean by "allowed to exit"?
> > sh -e?
>=20
> You're right, of course. I forgot the script I was looking at had the -e
> option enabled.
>=20
Hmmz, I don't think /etc/rc.d/tmp is started with sh -e. Anyway even if
it is, this will not cause sh to exit if mkdir fails.
=66rom sh(1):
-e errexit
Exit immediately if any untested command fails in non-interactive
mode. The exit status of a command is considered to be explic-
itly tested if the command is used to control an if, elif, while,
# sh -e -c 'if mkdir /a/b ; then echo t ; else echo f ; fi ; echo still ali=
ve'
mkdir: /a: No such file or directory
f
still alive
#
And even more - the braces () would not save us if the command were
intested because the forked shell exits with the exit status of the
last command executed (e.g. if mkdir fails it will fail too):
# sh -e -c '( mkdir /a/b ) ; echo still alive'
mkdir: /a: No such file or directory
#
So what is the point of doing "if ( mkdir ... ) ; then" instead of
"if mkdir ... ; then"? Did I miss something...
--XOIedfhf+7KOe/yw
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
iD8DBQFC73T5Fw6SP/bBpCARAldOAJ9GqwJuWtD3qhI8VBru68vvH6VOugCgy6gJ
fGabF22MCrpv8LvO4w8RB6M=
=KClg
-----END PGP SIGNATURE-----
--XOIedfhf+7KOe/yw--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050802132826.GB23261>