> I think we need to implement opendir_safer, alongside all the other
> *_safer modules. Otherwise, opendir can end up placing an open directory
> fd in one of the standard slots, and end up interfering with the intent of
> all the other *_safer wrappers.
And here's at least one use case where it matters:
$ find dir -mindepth 1 -ok echo {} \; <&-
< echo ... dir/sub > ?
$ echo $?
0
$ oldfind dir -mindepth 1 -ok echo {} \; <&-
< echo ... dir/sub > ? oldfind: error closing file
$ echo $?
1
Oops - the fts-based version calls getline() while fd 0 is tied
to dir, while oldfind was successfully able to recognize that
fd 0 was unreadable. And on platforms where reading a
directory returns data (yes, such fringe platforms still exist),
rather than my platform's choice that read(dir) returns EOF
without error, this could inadvertently end up executing the
-ok command based on whether the binary contents of the
directory resemble 'y'; at any rate, reading from a directory
fd can lead to all sorts of bad behavior.
I tried finding a use case with 'rm -ri <&-', but there, the query
of whether to descend occurs before the opendir, so fd 0 is
not tied to an open directory at that moment in time, and
the query fails because the read fails, so no further actions
are attempted.
I didn't try finding a case in tar, although I suspect it may
be possible to find one.
--
Eric Blake
--
View this message in context:
http://www.nabble.com/need-opendir_safer%2C-dirent--.h-tp25190069p25193082.html
Sent from the Gnulib mailing list archive at Nabble.com.
