[patch] rc.d/tmp (silly mkdir usage)

Vasil Dimov vd at datamax.bg
Tue Aug 2 13:28:28 GMT 2005


On Tue, Aug 02, 2005 at 02:38:36PM +0300, Giorgos Keramidas wrote:
> On 2005-08-02 14:05, Vasil Dimov <vd at datamax.bg> wrote:
> >On Tue, Aug 02, 2005 at 12:33:48PM +0300, Giorgos Keramidas wrote:
> >>On 2005-08-02 09:29, Vasil Dimov <vd at datamax.bg> wrote:
> >>>>  *)
> >>>> -       if (/bin/mkdir -p /tmp/.diskless 2> /dev/null); then
> >>>> -               rmdir /tmp/.diskless
> >>>> +       if ( > /tmp/.diskless 2> /dev/null); then
> >>>> +               rm /tmp/.diskless
> >>>>         else
> >>>>                 if [ -h /tmp ]; then
> >>>>                         echo "*** /tmp is a symlink to a non-writable area!"
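Review bot: the added `if ( > /tmp/.diskless 2> /dev/null); then` line probes writability by opening a fixed name in /tmp for writing, and that open follows a symlink already present at the name and truncates whatever it points to, which the removed mkdir line cannot do. Keep a directory-creating probe here; if the aim is to tidy the test, drop the parentheses instead so that no subshell is forked, as in `if /bin/mkdir -p /tmp/.diskless 2> /dev/null; then`.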
> >>>
> >>> The thing you suggest is bloody insecure. Just imagine some baduser
> >>> doing ln -s /etc/passwd /tmp/.diskless before rc.d/tmp gets executed.
> >>> I guess this is the reason why directory creation is used instead of
> >>> file creation.
> >>>
> >>> I just wonder why a new shell is forked for this test. Simply if
> >>> /bin/mkdir -p /tmp/.diskless 2> /dev/null ; then would do the same
> >>> thing without forking a new shell that only executes /bin/mkdir
> >>
> >> I think it's because the current shell is allowed to exit if a command
> >> fails while a conditional test like this is run:
> >>
> >> 	if mkdir /tmp/foo; then
> >> 		echo foo
> >> 		rmdir /tmp/foo
> >> 	fi
> >>
> >> and mkdir may fail.
> >
> > What do you mean by "allowed to exit"?
> > sh -e?
> 
> You're right, of course.  I forgot the script I was looking at had the -e
> option enabled.
> 

Hmmz, I don't think /etc/rc.d/tmp is started with sh -e. Anyway even if
it is, this will not cause sh to exit if mkdir fails.

from sh(1):
-e errexit
        Exit immediately if any untested command fails in non-interactive
        mode.  The exit status of a command is considered to be explic-
        itly tested if the command is used to control an if, elif, while,

# sh -e -c 'if mkdir /a/b ; then echo t ; else echo f ; fi ; echo still alive'
mkdir: /a: No such file or directory
f
still alive
#

And even more - the braces () would not save us if the command were
untested because the forked shell exits with the exit status of the
last command executed (e.g. if mkdir fails it will fail too):

# sh -e -c '( mkdir /a/b ) ; echo still alive'
mkdir: /a: No such file or directory
#

So what is the point of doing "if ( mkdir ... ) ; then" instead of
"if mkdir ... ; then"? Did I miss something...


More information about the freebsd-hackers mailing list
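
The two points argued in this thread, as an added example that is not part of the original mail or of FreeBSD's rc.d/tmp: what each writability probe does when the name already exists as a symlink, and how `sh -e` treats a tested command versus a failing subshell. The function names and the mktemp scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All paths live in a mktemp scratch directory (constructed);
# nothing touches the real /tmp/.diskless.

# Patched probe from the thread: create a file by redirection, then rm it.
probe_with_redirect() {
	if ( > "$1/.diskless" 2> /dev/null ); then
		rm -f "$1/.diskless"
		return 0
	fi
	return 1
}

# Original probe, written without the subshell: create a directory, rmdir it.
probe_with_mkdir() {
	if mkdir -p "$1/.diskless" 2> /dev/null; then
		rmdir "$1/.diskless"
		return 0
	fi
	return 1
}

# run_case PROBE: pre-plant .diskless as a symlink to a file holding data, run
# PROBE, and print "<probe status> <state of the file the link pointed at>".
run_case() {
	scratch=$(mktemp -d) || return 1
	printf 'data\n' > "$scratch/target"
	ln -s "$scratch/target" "$scratch/.diskless"
	if "$1" "$scratch"; then status=0; else status=1; fi
	if [ -s "$scratch/target" ]; then state=intact; else state=truncated; fi
	rm -rf "$scratch"
	echo "$status $state"
}

# errexit_case SCRIPT: run SCRIPT under "sh -e" with $1 set to a directory that
# has no "missing" subdirectory, and print whether the shell got past SCRIPT.
errexit_case() {
	scratch=$(mktemp -d) || return 1
	if sh -e -c "$1; echo alive" sh "$scratch" 2> /dev/null | grep -q alive
	then result=alive; else result=exited; fi
	rm -rf "$scratch"
	echo "$result"
}

echo "redirect probe: $(run_case probe_with_redirect)"
echo "mkdir probe:    $(run_case probe_with_mkdir)"
echo "if mkdir:       $(errexit_case 'if mkdir "$1/missing/b"; then :; fi')"
echo "( mkdir ):      $(errexit_case '( mkdir "$1/missing/b" )')"
```

The mkdir probe reports failure when the name is already taken, so a pre-planted link costs only a misleading "not writable" result rather than the contents of the file it points at.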