From unknown Sat Aug 16 12:45:46 2025 X-Loop: help-debbugs@gnu.org Subject: bug#8117: ln to /tmp is irreversible Resent-From: =?UTF-8?Q?K=C5=99i=C5=A1tof_?= =?UTF-8?Q?=C5=BDelechovski?= Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-coreutils@gnu.org Resent-Date: Fri, 25 Feb 2011 17:35:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 8117 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: To: 8117@debbugs.gnu.org X-Debbugs-Original-To: bug-coreutils@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.129865529227635 (code B ref -1); Fri, 25 Feb 2011 17:35:02 +0000 Received: (at submit) by debbugs.gnu.org; 25 Feb 2011 17:34:52 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Pt1Z5-0007Bf-8G for submit@debbugs.gnu.org; Fri, 25 Feb 2011 12:34:51 -0500 Received: from eggs.gnu.org ([140.186.70.92]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Pt0s4-0006Dd-C8 for submit@debbugs.gnu.org; Fri, 25 Feb 2011 11:50:24 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Pt0rt-00069n-Ih for submit@debbugs.gnu.org; Fri, 25 Feb 2011 11:50:19 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=unavailable version=3.3.1 Received: from lists.gnu.org ([199.232.76.165]:50464) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Pt0rt-00069h-Gq for submit@debbugs.gnu.org; Fri, 25 Feb 2011 11:50:13 -0500 Received: from [140.186.70.92] (port=37937 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Pt0rh-0008Lf-N6 for bug-coreutils@gnu.org; Fri, 25 Feb 2011 11:50:13 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Pt0rc-00061v-NV for bug-coreutils@gnu.org; Fri, 25 Feb 2011 11:50:01 -0500 Received: from shark.2a.pl ([195.117.102.3]:49846) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Pt0rc-00060x-IE for bug-coreutils@gnu.org; Fri, 25 Feb 2011 11:49:56 -0500 Received: from av.2a.pl (av.2a.pl [195.117.102.9]) by shark.2a.pl (Postfix) with ESMTP id 4A7BA2A7107 for ; Fri, 25 Feb 2011 17:49:48 +0100 (CET) X-Virus-Scanned: amavisd-new at 2a.pl Received: from shark.2a.pl ([195.117.102.3]) by av.2a.pl (av.2a.pl [195.117.102.9]) (amavisd-new, port 10024) with ESMTP id h7dLonfF69+Q for ; Fri, 25 Feb 2011 17:49:42 +0100 (CET) Received: from linux-075r.localnet (unknown [10.8.1.26]) by shark.2a.pl (Postfix) with ESMTPA id F38622A710E for ; Fri, 25 Feb 2011 17:49:41 +0100 (CET) From: =?UTF-8?Q?K=C5=99i=C5=A1tof_?= =?UTF-8?Q?=C5=BDelechovski?= Date: Fri, 25 Feb 2011 17:54:33 +0100 User-Agent: KMail/1.13.6 (Linux/2.6.34.7-0.7-desktop; KDE/4.6.0; x86_64; ; ) MIME-Version: 1.0 Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <201102251754.36233.giecrilj@stegny.2a.pl> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 199.232.76.165 X-Spam-Score: -6.6 (------) X-Mailman-Approved-At: Fri, 25 Feb 2011 12:34:49 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -6.6 (------) == To reproduce: == 1. Find a file in /tmp owned by somebody else and not owned by you. Say a.txt. 2. { ln a.txt b1.txt; } # you created b.txt based on a.txt 3. { rm b1.txt; } # error: Operation not permitted. 4. Go to step 2, replacing b1 by b2, and so on. ( 5. ??? ) ( 6. Profit. ) == The conclusion == Allowing irreversible operations is a bad thing, and this is not a circumstance where an exception would be appropriate. The tool ln should not allow the operator to create an entry he cannot delete. == Workaround == Never put anything into /tmp. Use /tmp/kde-$LOGNAME (or whatever your directory is) instead. IMHO, Chris From unknown Sat Aug 16 12:45:46 2025 X-Loop: help-debbugs@gnu.org Subject: bug#8117: ln to /tmp is irreversible Resent-From: Eric Blake Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-coreutils@gnu.org Resent-Date: Fri, 25 Feb 2011 20:25:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 8117 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: To: =?UTF-8?Q?K=C5=99i=C5=A1tof_?= =?UTF-8?Q?=C5=BDelechovski?= Cc: 8117@debbugs.gnu.org Received: via spool by 8117-submit@debbugs.gnu.org id=B8117.129866545810352 (code B ref 8117); Fri, 25 Feb 2011 20:25:02 +0000 Received: (at 8117) by debbugs.gnu.org; 25 Feb 2011 20:24:18 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Pt4D2-0002gu-Tm for submit@debbugs.gnu.org; Fri, 25 Feb 2011 15:24:17 -0500 Received: from mx1.redhat.com ([209.132.183.28]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Pt4D0-0002gi-5P for 8117@debbugs.gnu.org; Fri, 25 Feb 2011 15:24:15 -0500 Received: from int-mx12.intmail.prod.int.phx2.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p1PKO82g032538 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 25 Feb 2011 15:24:08 -0500 Received: from [10.3.113.116] (ovpn-113-116.phx2.redhat.com [10.3.113.116]) by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id p1PKO7jr000531; Fri, 25 Feb 2011 15:24:07 -0500 Message-ID: <4D680FE6.9040700@redhat.com> Date: Fri, 25 Feb 2011 13:24:06 -0700 From: Eric Blake Organization: Red Hat User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Fedora/3.1.7-0.35.b3pre.fc14 Lightning/1.0b3pre Mnenhy/0.8.3 Thunderbird/3.1.7 MIME-Version: 1.0 References: <201102251754.36233.giecrilj@stegny.2a.pl> In-Reply-To: <201102251754.36233.giecrilj@stegny.2a.pl> X-Enigmail-Version: 1.1.2 OpenPGP: url=http://people.redhat.com/eblake/eblake.gpg Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------enig60BC8D0B7A7CD6E7A74B904F" X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 X-Spam-Score: -10.2 (----------) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -10.2 (----------) This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig60BC8D0B7A7CD6E7A74B904F Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 02/25/2011 09:54 AM, K=C5=99i=C5=A1tof =C5=BDelechovski wrote: > =3D=3D To reproduce: =3D=3D >=20 > 1. Find a file in /tmp owned by somebody else and not owned by you. = Say a.txt. > 2. { ln a.txt b1.txt; } # you created b.txt based on a.txt You created another name for a.txt; the permissions of the underlying inode (whether you access it via the name a.txt or via the name b1.txt) are the same; it is still owned by somebody else. > 3. { rm b1.txt; } # error: Operation not permitted. This is a security feature. /tmp is intentionally created with the sticky deletion bit set, so that the only person that can remove a file in that directory is the owner of the file. Think of the consequences if this were not the case: you create a temp file with mode 0600 (only accessible to you), someone else spies the file name, removes your inode, and creates a replacement file by the same name but a different inode in its place but with mode 0666. Then they can do whatever they want with your temporary data, including reading what you thought was private. But in a sticky directory, the attack is thwarted - since they don't own your file, they can't replace it with a different inode of the same name but different permissions. And yes, this means that creating hard links to someone else's file has effectively created a file belonging to someone else, and not to you. Just as you can't remove their original file, you can't remove the new name you created for that file (but they can). > Allowing irreversible operations is a bad thing, But it is mandated by POSIX that a system that honors the sticky bit must perform in this manner. There's nothing we can do in coreutils to change how link(2) behaves in the kernel, therefore, we can't make ln(1) reject this call, even though the results are a bit surprising to a novic= e. > =3D=3D Workaround =3D=3D > Never put anything into /tmp. Use /tmp/kde-$LOGNAME (or whatever your = directory is) instead. That's a bit harsh. Rather, the rule of thumb is don't create hard links to anyone else's data in a sticky directory, because you won't own those hard links. --=20 Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org --------------enig60BC8D0B7A7CD6E7A74B904F Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJNaA/nAAoJEKeha0olJ0NqNLYH/3c2xlYwM1ql7r0srlXQwovz eRBLlN1eSGjf+VdEg5jBF9u8eAECXZNOUREUJzn7t6m0FTGJOSamduyyyR67OI+2 wWlUQ3qa2S6nTXMsh3+tWdsthETb8Ka5jJozWWrJctAFW2LQUq3WPlvVlBcc0ihz w4/wsYMzEctxLGSw+Wru5uaoYYJ14jl7zE/4i/SxAOreJtSNo9Nq43BYboQF3JYk 6A9qqzYS+4YUynjhpvInNX0KLNbKuogO9/kU3Goooou/p/uRmk/sO29jZakelf4V dAlR0vt44IJUHkANUniQpRC3T3mOtX/wyVyMCk/dTZOMFe+gui3grYcYZqhVXJ4= =l9fi -----END PGP SIGNATURE----- --------------enig60BC8D0B7A7CD6E7A74B904F-- From unknown Sat Aug 16 12:45:46 2025 X-Loop: help-debbugs@gnu.org Subject: bug#8117: ln to /tmp is irreversible Resent-From: Bob Proulx Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-coreutils@gnu.org Resent-Date: Fri, 25 Feb 2011 21:02:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 8117 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: To: =?UTF-8?Q?K=C5=99i=C5=A1tof_?= =?UTF-8?Q?=C5=BDelechovski?= Cc: 8117@debbugs.gnu.org Received: via spool by 8117-submit@debbugs.gnu.org id=B8117.129866771013538 (code B ref 8117); Fri, 25 Feb 2011 21:02:02 +0000 Received: (at 8117) by debbugs.gnu.org; 25 Feb 2011 21:01:50 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Pt4nO-0003WJ-4n for submit@debbugs.gnu.org; Fri, 25 Feb 2011 16:01:50 -0500 Received: from joseki.proulx.com ([216.17.153.58]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Pt4nK-0003W5-Bx for 8117@debbugs.gnu.org; Fri, 25 Feb 2011 16:01:47 -0500 Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119]) by joseki.proulx.com (Postfix) with ESMTP id 7E9EE21308; Fri, 25 Feb 2011 14:01:40 -0700 (MST) Received: by hysteria.proulx.com (Postfix, from userid 1000) id 7B0162DC3B; Fri, 25 Feb 2011 14:01:40 -0700 (MST) Date: Fri, 25 Feb 2011 14:01:40 -0700 From: Bob Proulx Message-ID: <20110225210140.GA8106@hysteria.proulx.com> References: <201102251754.36233.giecrilj@stegny.2a.pl> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <201102251754.36233.giecrilj@stegny.2a.pl> User-Agent: Mutt/1.5.20 (2009-06-14) Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.4 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.4 (--) tags 8117 + notabug thanks K=C5=99i=C5=A1tof =C5=BDelechovski wrote: > 1. Find a file in /tmp owned by somebody else and not owned by you. = Say a.txt. > 2. { ln a.txt b1.txt; } # you created b.txt based on a.txt > 3. { rm b1.txt; } # error: Operation not permitted. Yes this is true. But this doesn't have anything to do with either 'ln' or 'rm' but is instead a behavior associated with Unix filesystems and specifically the behavior of the sticky-bit on directories. It is an operating system policy. Therefore I am tagging this as not a bug in the bug tracking system. > 4. Go to step 2, replacing b1 by b2, and so on. > ( 5. ??? ) > ( 6. Profit. ) You are concerned that an authorized local user can fill up any open writable sticky-bit directory with files that they cannot remove themselves. But if you have a locally authorized user that is causing trouble then you already know this user and can take action against them. This is not a remote attack vulnerability. In other words, this is very similar to someone who lives in the house and who leaves the kitchen in your house dirty. If someone who lives in your house doesn't clean up the pots and pans after they use them then this will impact other members who also live in the house. But they live in the house and you know them. Remove their kitchen privileges if they do not behave. > Allowing irreversible operations is a bad thing, and this is not a > circumstance where an exception would be appropriate. The tool ln > should not allow the operator to create an entry he cannot delete. Whether that is true or not doesn't really matter to coreutils since it is the filesystem in the kernel that enforces those permissions. It isn't something that ln or rm or other program has any ability to do anything about it. Note that there are different filesystems other than the Unix filesystem model. People keep trying to improve the model with other paradigms such as ACLs and so forth. Perhaps one day the Unix filesystem model will be replaced with something quite different. But for the past forty years it has been the current model. Thank you for your report anyway. Bob From debbugs-submit-bounces@debbugs.gnu.org Fri Feb 25 16:26:11 2011 Received: (at control) by debbugs.gnu.org; 25 Feb 2011 21:26:11 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Pt5Aw-00044N-Ux for submit@debbugs.gnu.org; Fri, 25 Feb 2011 16:26:11 -0500 Received: from joseki.proulx.com ([216.17.153.58]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Pt5Av-00044A-G9 for control@debbugs.gnu.org; Fri, 25 Feb 2011 16:26:10 -0500 Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119]) by joseki.proulx.com (Postfix) with ESMTP id AB43A21308 for ; Fri, 25 Feb 2011 14:26:03 -0700 (MST) Received: by hysteria.proulx.com (Postfix, from userid 1000) id A433C2DC3B; Fri, 25 Feb 2011 14:26:03 -0700 (MST) Date: Fri, 25 Feb 2011 14:26:03 -0700 From: Bob Proulx To: control@debbugs.gnu.org Subject: add tag Message-ID: <20110225212603.GA23909@hysteria.proulx.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) X-Spam-Score: -2.4 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.4 (--) tags 8117 + notabug thanks From unknown Sat Aug 16 12:45:46 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: =?UTF-8?Q?K=C5=99i=C5=A1tof_?= =?UTF-8?Q?=C5=BDelechovski?= Subject: bug#8117: closed (Re: bug#8117: ln to /tmp is irreversible) Message-ID: References: <20110410035848.GA11205@hysteria.proulx.com> <201102251754.36233.giecrilj@stegny.2a.pl> X-Gnu-PR-Message: they-closed 8117 X-Gnu-PR-Package: coreutils X-Gnu-PR-Keywords: notabug Reply-To: 8117@debbugs.gnu.org Date: Sun, 10 Apr 2011 03:59:01 +0000 Content-Type: multipart/mixed; boundary="----------=_1302407941-28781-1" This is a multi-part message in MIME format... ------------=_1302407941-28781-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #8117: ln to /tmp is irreversible which was filed against the coreutils package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 8117@debbugs.gnu.org. --=20 8117: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D8117 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1302407941-28781-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 8117-done) by debbugs.gnu.org; 10 Apr 2011 03:58:56 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Q8lnb-0007Tx-Rr for submit@debbugs.gnu.org; Sat, 09 Apr 2011 23:58:56 -0400 Received: from joseki.proulx.com ([216.17.153.58]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Q8lna-0007Tm-4h for 8117-done@debbugs.gnu.org; Sat, 09 Apr 2011 23:58:54 -0400 Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119]) by joseki.proulx.com (Postfix) with ESMTP id 654C621638; Sat, 9 Apr 2011 21:58:48 -0600 (MDT) Received: by hysteria.proulx.com (Postfix, from userid 1000) id 51BD92DC53; Sat, 9 Apr 2011 21:58:48 -0600 (MDT) Date: Sat, 9 Apr 2011 21:58:48 -0600 From: Bob Proulx To: =?utf-8?B?S8WZacWhdG9mIMW9ZWxlY2hvdnNraQ==?= Subject: Re: bug#8117: ln to /tmp is irreversible Message-ID: <20110410035848.GA11205@hysteria.proulx.com> References: <201102251754.36233.giecrilj@stegny.2a.pl> <20110225210140.GA8106@hysteria.proulx.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20110225210140.GA8106@hysteria.proulx.com> User-Agent: Mutt/1.5.21 (2010-09-15) Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.4 (--) X-Debbugs-Envelope-To: 8117-done Cc: 8117-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.4 (--) Bob Proulx wrote: > K=C5=99i=C5=A1tof =C5=BDelechovski wrote: > > 1. Find a file in /tmp owned by somebody else and not owned by you.= Say a.txt. > > 2. { ln a.txt b1.txt; } # you created b.txt based on a.txt > > 3. { rm b1.txt; } # error: Operation not permitted. >=20 > Yes this is true. But this doesn't have anything to do with either > 'ln' or 'rm' but is instead a behavior associated with Unix > filesystems and specifically the behavior of the sticky-bit on > directories. It is an operating system policy. Therefore I am > tagging this as not a bug in the bug tracking system. There wasn't any further discussion, it is an operating system filesystem behavior, and so I am closing this bug in the bug tracking system for coreutils. Bob ------------=_1302407941-28781-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 25 Feb 2011 17:34:52 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Pt1Z5-0007Bf-8G for submit@debbugs.gnu.org; Fri, 25 Feb 2011 12:34:51 -0500 Received: from eggs.gnu.org ([140.186.70.92]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Pt0s4-0006Dd-C8 for submit@debbugs.gnu.org; Fri, 25 Feb 2011 11:50:24 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Pt0rt-00069n-Ih for submit@debbugs.gnu.org; Fri, 25 Feb 2011 11:50:19 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=unavailable version=3.3.1 Received: from lists.gnu.org ([199.232.76.165]:50464) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Pt0rt-00069h-Gq for submit@debbugs.gnu.org; Fri, 25 Feb 2011 11:50:13 -0500 Received: from [140.186.70.92] (port=37937 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Pt0rh-0008Lf-N6 for bug-coreutils@gnu.org; Fri, 25 Feb 2011 11:50:13 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Pt0rc-00061v-NV for bug-coreutils@gnu.org; Fri, 25 Feb 2011 11:50:01 -0500 Received: from shark.2a.pl ([195.117.102.3]:49846) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Pt0rc-00060x-IE for bug-coreutils@gnu.org; Fri, 25 Feb 2011 11:49:56 -0500 Received: from av.2a.pl (av.2a.pl [195.117.102.9]) by shark.2a.pl (Postfix) with ESMTP id 4A7BA2A7107 for ; Fri, 25 Feb 2011 17:49:48 +0100 (CET) X-Virus-Scanned: amavisd-new at 2a.pl Received: from shark.2a.pl ([195.117.102.3]) by av.2a.pl (av.2a.pl [195.117.102.9]) (amavisd-new, port 10024) with ESMTP id h7dLonfF69+Q for ; Fri, 25 Feb 2011 17:49:42 +0100 (CET) Received: from linux-075r.localnet (unknown [10.8.1.26]) by shark.2a.pl (Postfix) with ESMTPA id F38622A710E for ; Fri, 25 Feb 2011 17:49:41 +0100 (CET) From: =?iso-8859-2?q?K=F8i=B9tof_=AEelechovski?= To: bug-coreutils@gnu.org Subject: ln to /tmp is irreversible Date: Fri, 25 Feb 2011 17:54:33 +0100 User-Agent: KMail/1.13.6 (Linux/2.6.34.7-0.7-desktop; KDE/4.6.0; x86_64; ; ) MIME-Version: 1.0 Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <201102251754.36233.giecrilj@stegny.2a.pl> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 199.232.76.165 X-Spam-Score: -6.6 (------) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Fri, 25 Feb 2011 12:34:49 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -6.6 (------) == To reproduce: == 1. Find a file in /tmp owned by somebody else and not owned by you. Say a.txt. 2. { ln a.txt b1.txt; } # you created b.txt based on a.txt 3. { rm b1.txt; } # error: Operation not permitted. 4. Go to step 2, replacing b1 by b2, and so on. ( 5. ??? ) ( 6. Profit. ) == The conclusion == Allowing irreversible operations is a bad thing, and this is not a circumstance where an exception would be appropriate. The tool ln should not allow the operator to create an entry he cannot delete. == Workaround == Never put anything into /tmp. Use /tmp/kde-$LOGNAME (or whatever your directory is) instead. IMHO, Chris ------------=_1302407941-28781-1--