* [Oystein Viggen] > I believe that the code already > present in rm to prevent symlink race attacks should also be enough to > prevent similar translator attacks.
Actually, I don't believe this anymore. I guess that when you stat . in the root of a translator directory, you are talking to the translator for the current file system, and not the parent translator, right? What rm currently does for safe (on Unix) recursion is mainly: lstat directory chdir directory stat . compare the the two stat results to make sure we are seeing the same directory. I believe it would be possible to attach a translator to the directory in between the first stat and the chdir, and then have it return data to the second stat that is crafted to look exactly like what you would get from stat'ing the directory that it is attached to. Modifying rm to use open() and fchdir() seems to be the only way to get safe operation on the Hurd. Oystein -- This message was generated by a horde of attack elephants armed with PRNGs. _______________________________________________ Bug-hurd mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-hurd
