Re: [patch] rc.d/tmp (silly mkdir usage)

Tue, 02 Aug 2005 06:28:37 -0700 

On Tue, Aug 02, 2005 at 02:38:36PM +0300, Giorgos Keramidas wrote:
> On 2005-08-02 14:05, Vasil Dimov <[EMAIL PROTECTED]> wrote:
> >On Tue, Aug 02, 2005 at 12:33:48PM +0300, Giorgos Keramidas wrote:
> >>On 2005-08-02 09:29, Vasil Dimov <[EMAIL PROTECTED]> wrote:
> >>>>  *)
> >>>> -       if (/bin/mkdir -p /tmp/.diskless 2> /dev/null); then
> >>>> -               rmdir /tmp/.diskless
> >>>> +       if ( > /tmp/.diskless 2> /dev/null); then
> >>>> +               rm /tmp/.diskless
> >>>>         else
> >>>>                 if [ -h /tmp ]; then
> >>>>                         echo "*** /tmp is a symlink to a non-writable 
> >>>> area!"
> >>>
> >>> The thing you suggest is bloody insecure. Just imagine some baduser
> >>> doing ln -s /etc/passwd /tmp/.diskless before rc.d/tmp gets executed.
> >>> I guess this is the reason why directory creation is used instead of
> >>> file creation.
> >>>
> >>> I just wonder why a new shell is forked for this test. Simply if
> >>> /bin/mkdir -p /tmp/.diskless 2> /dev/null ; then would do the same
> >>> thing without forking a new shell that only executes /bin/mkdir
> >>
> >> I think it's because the current shell is allowed to exit if a command
> >> fails while a conditional test like this is run:
> >>
> >>    if mkdir /tmp/foo; then
> >>            echo foo
> >>            rmdir /tmp/foo
> >>    fi
> >>
> >> and mkdir may fail.
> >
> > What do you mean by "allowed to exit"?
> > sh -e?
> 
> You're right, of course.  I forgot the script I was looking at had the -e
> option enabled.
> 

Hmmz, I don't think /etc/rc.d/tmp is started with sh -e. Anyway even if
it is, this will not cause sh to exit if mkdir fails.

from sh(1):
-e errexit
        Exit immediately if any untested command fails in non-interactive
        mode.  The exit status of a command is considered to be explic-
        itly tested if the command is used to control an if, elif, while,

# sh -e -c 'if mkdir /a/b ; then echo t ; else echo f ; fi ; echo still alive'
mkdir: /a: No such file or directory
f
still alive
#

And even more - the braces () would not save us if the command were
intested because the forked shell exits with the exit status of the
last command executed (e.g. if mkdir fails it will fail too):

# sh -e -c '( mkdir /a/b ) ; echo still alive'
mkdir: /a: No such file or directory
#

So what is the point of doing "if ( mkdir ... ) ; then" instead of
"if mkdir ... ; then"? Did I miss something...

Attachment: pgpgsRSStoakd.pgp
Description: PGP signature

Reply via email to