GNU bug report logs - #21534
Bug in mkdir?!

Previous Next

Package: coreutils;

Reported by: Sebastian Unger <sebunger44 <at> gmail.com>

Date: Tue, 22 Sep 2015 17:27:01 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Sebastian Unger <sebunger44 <at> gmail.com>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: 21534-done <at> debbugs.gnu.org
Subject: bug#21534: Bug in mkdir?!
Date: Wed, 23 Sep 2015 16:02:11 +1200

[Message part 1 (text/plain, inline)]
Hi Paul,

First of all thanks for the exceptionally quick response & fix. The mode of
the file system isn't so much a security feature but a reflection of its
functionality: As you drop files into a particular area, they are moved
somewhere else under the hood by the fuse. But given what you are saying
about expecting issues like this with more tools, I may actually make
directories readable to avoid issues.

You did get my name ever so slightly wrong in the patch, but if that's
already committed, then don't bother with it.

Cheers,
Seb

On 23 September 2015 at 15:09, Paul Eggert <eggert <at> cs.ucla.edu> wrote:

> Sebastian Unger wrote:
>
>> Why is it trying to open the directory
>> in the first place?
>>
>
> Security.
>
> Apparently POSIX doesn't allow this level of paranoia for mkdir -p, so I
> removed it in the attached Gnulib patch, and this should appear in the next
> coreutils release.
>
> A filesystem that doesn't let you read your own directory that you just
> created is likely to run into other problems like this -- i.e., the
> practice may introduce more security problems than it closes.  But I
> digress.
>

[Message part 2 (text/html, inline)]
This bug report was last modified 9 years and 245 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.