On Tue, 26 Apr 2005, Christophe Boyanique wrote:
Derrick J Brashear a écrit :
Well, a while ago there was a discussion about this related to NFS, and it's quite possibly the same problem, though it's much less an issue if you're not show your users du output.
http://64.233.187.104/search?q=cache:9aAtHxcLfIUJ:asg.web.cmu.edu/archive/message.php%3Fmailbox%3Darchive.info-cyrus%26msg%3D34476+cyrus+nfs+rmdir+site:asg.web.cmu.edu&hl=en
So it seems that someone read that mail :)
I recall but am too lazy to check that he posted the patch after I suggested snooping nfs protocol traffic to determine if the directory was empty. So, well, I think there was even evidence of it at the time;-)
Is there a way to integrate this patch at least in Cyrus 2.1 and 2.2 ?
2.2: probably. it's actually uncommitted in my sandbox now. Ken's point about "can you remove your cwd" remains.
2.1: it's not a security fix.
