On Wed, Jun 12, 2002 at 10:45:02AM +0300, guy keren wrote:
>
> On Wed, 12 Jun 2002, Muli Ben-Yehuda wrote:
>
> > Using a secure, private directory was indeed the answer. Thanks to
> > everyone who replied. The code, for the curious, is available at
> > http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/syscalltrack/syscalltrack/tests/tester.c?rev=1.25&content-type=text/vnd.viewcvs-markup
> > Look for dir_cleanup() and dir_setup(). Let me know if you poke any
> > holes in it ;)
>
> one thing i always question - how do you erase elements from a container
> you're currently scanning?
>
> in your 'dir_cleanup' code, you seem to be erasing file entries in the
> directory while you scan it. i do not know how this works - the man page
> does not say anything against this, as far as i can see. however, i do not
> trust such code. i usually prefer reading in all the info into memory (i
> see 'scandir' can do just that), and then go on erasing it.
Interesting. I dislike scandir() on general principles for being
non-POSIX and for (potentially) being a memory hog. I guess using
rewinddir() would solve that particular problem, and since we're
dealing with a minuscule number of files, it shouldn't be noticeable.
> perhaps it's best to look at the code of 'rm -r' to make sure. or even
> better, just invoke 'system("/bin/rm -rf testdirpath")'?
I never invoke "system" when there's an API or library to do what I
want to do.
> you also don't check the permissions of the parent directory of the
> directory in which the test is being carried up, in the dir_setup
> function - although _perhaps_ this does not matter. here is a scenario:
>
> - the code/binary resides in a user's home dir.
> - the test creates a temporary dir, and cd-s into it.
> - the original user moves the directory containing the test (rename),
> and then creates a new directory with that name, and a directory with
> the name of the one created by the test program, which is actually a
> symlink to /etc.
> - if the test has any full-paths in it, then it might cause messes in
> the system.
>
> which is why it's probably best to create the test dir under /tmp, after
> verifying that both '/' and '/tmp' belong to root ;)
I'm still not convinced here, and I've got personal reasons to avoid
using /tmp - for one thing, it might not exist (although arguably,
that's a very broken system).
--
Sunday 21 Forelithe 7466
http://vipe.technion.ac.il/~mulix/
http://syscalltrack.sf.net/
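The two points raised in the thread (erasing entries while readdir() is still scanning, and the renamed-directory-becomes-a-symlink scenario) as an added C example; this is not the syscalltrack tester.c code. It assumes a flat directory of plain files (no recursion), a caller-supplied base directory instead of /tmp, and that mkdtemp(), fdopendir() and unlinkat() (POSIX.1-2008) are available.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Create a private scratch directory (mode 0700) under base; the path lands in buf. */
int dir_setup(const char *base, char *buf, size_t n) {
    if (snprintf(buf, n, "%s/tester.XXXXXX", base) >= (int)n) return -1;
    return mkdtemp(buf) ? 0 : -1;
}

/* Empty and remove a flat directory of files. It is opened once with O_NOFOLLOW and every
   unlink goes through that fd (unlinkat), so swapping the path for a symlink later cannot
   redirect the deletes; nothing below uses the full path again except the final rmdir. */
int dir_cleanup(const char *path) {
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0) return -1;
    struct stat st;  /* refuse a directory we do not own or that group/others can reach */
    if (fstat(fd, &st) < 0 || st.st_uid != getuid() || (st.st_mode & 077)) { close(fd); return -1; }
    DIR *d = fdopendir(fd);
    if (!d) { close(fd); return -1; }
    /* Snapshot the names first, then unlink: the directory is never modified mid-readdir(). */
    char **names = NULL; size_t cnt = 0; struct dirent *e; int rc = 0;
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        char **grown = realloc(names, (cnt + 1) * sizeof *names);
        if (!grown) { rc = -1; break; }
        names = grown; names[cnt++] = strdup(e->d_name);
    }
    for (size_t i = 0; i < cnt; i++) {
        if (!names[i] || unlinkat(fd, names[i], 0) < 0) rc = -1;
        free(names[i]);
    }
    free(names);
    closedir(d);                                  /* also closes fd */
    if (rc == 0 && rmdir(path) < 0) rc = -1;      /* rmdir refuses a symlink (ENOTDIR) */
    return rc;
}

/* Round trip for the test: set up, drop a file in, clean up; 0 only if the dir is gone. */
int demo(const char *base) {
    char path[1024], file[1100]; struct stat st;
    if (dir_setup(base, path, sizeof path) < 0) return -1;
    snprintf(file, sizeof file, "%s/probe.txt", path);   /* constructed sample file */
    FILE *fp = fopen(file, "w"); if (!fp) return -1; fclose(fp);
    return (dir_cleanup(path) == 0 && stat(path, &st) < 0 && errno == ENOENT) ? 0 : -1;
}
```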
