Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 1 Apr 2012 19:30:17 GMT
From:      Matthew Story <matthewstory@gmail.com>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/166553: find -delete documentation is misleading
Message-ID:  <201204011930.q31JUHLE038557@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/166553; it has been noted by GNATS.

From: Matthew Story <matthewstory@gmail.com>
To: Richard Kettlewell <rjk@greenend.org.uk>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/166553: find -delete documentation is misleading
Date: Sun, 1 Apr 2012 15:25:00 -0400

 On Sun, Apr 1, 2012 at 1:25 PM, Richard Kettlewell <rjk@greenend.org.uk> wr=
 ote:
 > On 01/04/2012 18:24, Matthew Story wrote:
 >>
 >> On Sun, Apr 1, 2012 at 5:24 AM, Richard Kettlewell<rjk@greenend.org.uk>
 >> =A0wrote:
 >>>
 >>>
 >>> The documentation for 'find -delete' includes the following remark:
 >>>
 >>> =A0 =A0It will not attempt to delete a filename with a =93/=94 characte=
 r in its
 >>> pathname relative to =93.=94 for security reasons.
 >>>
 >>> This reflects a defensive test early in f_delete. However, the test wil=
 l
 >>> not succeed, since find does not use FTS_NOCHDIR, so entry->fts_accpath
 >>> should never contain "/".
 >>
 >>
 >> $ # show test succeeds
 >> $ mkdir -p foo/bar/baz
 >> $ find ./foo -delete
 >> find: -delete: ./foo: relative path potentially not safe
 >>
 >> The reason that fts_accpath contains a leading ``./'' in this case is
 >> that fts, even without FTS_NOCHDIR, does not chdir into the parent
 >> directory of depth 0 directories on the first pass, fts_accpath will
 >> always equal fts_pathname on depth 0 FTSENTs.
 >
 >
 > Light dawns l-)
 >
 > Still, the wording could be improved: it doesn't really describe well whe=
 n
 > -delete will succeed and when it won't.
 
 Yes, the wording is confusing, and it's not actually a correct
 assessment of what the code is doing ... it also doesn't note that
 this condition is fatal:
 
 $ # show that an absolute path also triggers the condition
 $ ./find /usr/home/user1/foo -depth 0 -delete
 find: -delete: /usr/home/user1/foo: relative path potentially not safe
 $ echo $?
 1
 
 The code here is actually just fatalling out if FTSENT->fts_accpath
 contains a ``/'', wether or not it is preceded by a ``.''  There is an
 additional misleading comment in the code to the same end as the
 manage.
 
 /* Potentially unsafe - do not accept relative paths whatsoever */
 
 >
 > ttfn/rjk
 
 
 
 --=20
 regards,
 matt



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201204011930.q31JUHLE038557>