> > I'm very reluctant to try opening every file in the > > filesystem just in case it turns out to be a directory we need to > > descend into. > > Your reluctance is understandable, since it is incorrect to > always open every directory entry. The corresponding file > might be a special file, and opening devices can have side > effects (e.g., opening and closing a tape device might > rewind it). Similarly for other kinds of files (e.g., > fifos).
Right. And since the lstat and the open can be very far apart, an unprivileged user can _very_easily_ do DoS against find by changing a directory into a fifo, while find is traversing some deep directory tree. There's O_DIRECTORY on Linux (I don't know about other systems) to handle this kind of problem. On systems not supporting O_DIRECTORY, moving the lstat() and the open() close to each other still makes a lot of sence from the security POV. So fts seems to have a security bug, as well as not working for non-POSIX filesystems. And they have a common underlying reason. If you assume too much about the system, you will easily fall into these kind of security traps. If you assume as little as possible about the system, it will not only be more secure, but will also work better on sub-standard systems. Miklos _______________________________________________ Bug-findutils mailing list Bug-findutils@gnu.org http://lists.gnu.org/mailman/listinfo/bug-findutils
