Re: Safe /tmp cleanup

Erik Troan (ewt@redhat.com)
Thu, 13 Nov 1997 22:06:11 -0500

On Thu, 13 Nov 1997 dsiebert@ICAEN.UIOWA.EDU wrote:

> It "checks for directoriness", and if it is a directory it chdir's into it.
> This does not do anything at all to prevent someone changing the name which
> used to be a directory into a link to somewhere else in the meantime. You
> have to assume an attacker can make your Perl script run arbitrarily slow
> (not like this is hard with Perl in the first place) and therefore can do
> bad things in between the lstat and the chdir. The modification to the
> GNU find I wrote (hopefully) catches any such possible attack. I have not
> looked at the RedHat thing Steven mentions, so I can't comment on how well
> it does in this regard.

The "Red Hat thing" (I like the phrase, so I thought I'd quote it) does
indeed check to make sure it chdir()ed into the place it expected to via
st_dev and st_ino information.

While you can certainly do something just like this with perl, I wrote
the tmpwatch Red Hat uses in C because we don't like putting basic
system components in perl (or python, or tcl...). I don't feel like
arguing about perl, it's just a decision to keep a minimal Red Hat system
as small as possible.

tmpwatch is GPLed, in case anyone else cares to look at it.

Erik

-------------------------------------------------------------------------------
| "For the next two hours, VH1 will be filled with foul-mouthed, |
| crossdressing Australians. Viewer discretion is advised." |
| |
| Erik Troan = ewt@redhat.com = ewt@sunsite.unc.edu |
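
The st_dev/st_ino check described in the message above, as an added example: this is not tmpwatch's code, and the function names `chdir_verified` and `safe_chdir` are hypothetical. It records the directory's identity with lstat(), enters it, and refuses to continue if "." turns out to be a different object.

```c
#define _XOPEN_SOURCE 700   /* lstat, fchdir, O_DIRECTORY */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* chdir() into name, then confirm "." is the object described by *before.
 * On mismatch or error, return to the starting directory and return -1. */
int chdir_verified(const char *name, const struct stat *before)
{
    struct stat after;
    int ok;
    int origin = open(".", O_RDONLY | O_DIRECTORY);   /* way back out */

    if (origin < 0)
        return -1;
    ok = chdir(name) == 0 && stat(".", &after) == 0 &&
         after.st_dev == before->st_dev && after.st_ino == before->st_ino;
    if (!ok && fchdir(origin) != 0)
        perror("fchdir");   /* could not get back to the start */
    close(origin);
    return ok ? 0 : -1;
}

/* lstat() first so a symlink is never treated as a directory, then let
 * chdir_verified() catch a swap made between the lstat and the chdir. */
int safe_chdir(const char *name)
{
    struct stat before;

    if (lstat(name, &before) != 0 || !S_ISDIR(before.st_mode))
        return -1;
    return chdir_verified(name, &before);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s directory\n", argv[0]);
        return 2;
    }
    if (safe_chdir(argv[1]) != 0) {
        fprintf(stderr, "%s: not entered\n", argv[1]);
        return 1;
    }
    puts("entered and verified");
    return 0;
}
```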