FYI, I've just discovered and fixed a bug that the average
user is not likely to encounter:

When a non-root user runs "rm -r ..." to remove a (deep) hierarchy,
rm would mistakenly prompt about each full relative name that is
longer than ~8K (or PATH_MAX if that's smaller).
The work-around is easy: use "rm -rf" or "rm -rI".

For example, "rm -r dir" would prompt about each writable directory
dir/.../x whose name length (strlen("dir/.../x")) is longer than
MIN (PATH_MAX, 8192).

        "rm -r DIR" would mistakenly prompt about very long names
        * src/remove.c (write_protected_non_symlink): Return 0(-1) when
        euidaccess_stat pronounces a writable(not-writable) file, not -1(0).
        * tests/rm/deep-2: New file.  Test for the above-fixed bug.
        * tests/rm/Makefile.am (TESTS): Add deep-2.
        Discovered while reviewing this change:
        http://thread.gmane.org/gmane.comp.gnu.coreutils.bugs/13071

Signed-off-by: Jim Meyering <[EMAIL PROTECTED]>
---
 NEWS                 |    3 ++
 src/remove.c         |    2 +-
 tests/rm/Makefile.am |    4 +-
 tests/rm/deep-2      |   53 ++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100755 tests/rm/deep-2

diff --git a/NEWS b/NEWS
index dfe2cb5..c05e0ad 100644
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,9 @@ GNU coreutils NEWS                                    -*- 
outline -*-
   at the end of the option argument to --flag-truncation=STRING (-F),
   --word-regexp=REGEXP (-W), or --sentence-regexp=REGEXP (-S).

+  "rm -r DIR" would mistakenly declare to be "write protected" -- and
+  prompt about -- full DIR-relative names longer than MIN (PATH_MAX, 8192).
+
   "rmdir --ignore-fail-on-non-empty" detects and ignores the failure
   in more cases when a directory is empty.

diff --git a/src/remove.c b/src/remove.c
index 9c6dc9e..7ba1e38 100644
--- a/src/remove.c
+++ b/src/remove.c
@@ -799,7 +799,7 @@ write_protected_non_symlink (int fd_cwd,
       = obstack_object_size (&ds->dir_stack) + strlen (file);

     if (MIN (PATH_MAX, 8192) <= file_name_len)
-      return - euidaccess_stat (buf, W_OK);
+      return euidaccess_stat (buf, W_OK) ? 0 : -1;
     if (euidaccess (xfull_filename (ds, file), W_OK) == 0)
       return 0;
     if (errno == EACCES)
diff --git a/tests/rm/Makefile.am b/tests/rm/Makefile.am
index 6b65959..d7a09d9 100644
--- a/tests/rm/Makefile.am
+++ b/tests/rm/Makefile.am
@@ -1,7 +1,6 @@
 # Make coreutils tests for "rm".                       -*-Makefile-*-

-# Copyright (C) 1997, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
-# Free Software Foundation, Inc.
+# Copyright (C) 1997-1998, 2000-2008 Free Software Foundation, Inc.

 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,6 +16,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 TESTS = \
+  deep-2 \
   deep-1 \
   hash \
   dangling-symlink \
diff --git a/tests/rm/deep-2 b/tests/rm/deep-2
new file mode 100755
index 0000000..d5e1b57
--- /dev/null
+++ b/tests/rm/deep-2
@@ -0,0 +1,53 @@
+#!/bin/sh
+# Ensure rm -r DIR does not prompt for very long full relative names in DIR.
+
+# Copyright (C) 2008 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+if test "$VERBOSE" = yes; then
+  set -x
+  rm --version
+fi
+
+. $srcdir/../test-lib.sh
+
+# Root can run this test, but it always succeeds, since for root, all
+# files are writable, and write_protected_non_symlink never reaches
+# the offending euidaccess_stat call.
+skip_if_root_
+
+mkdir x || framework_failure
+cd x || framework_failure
+
+# Construct a hierarchy containing a relative file with a name
+: ${PERL=perl}
+$PERL \
+    -e 'my $d = "x" x 200; foreach my $i (1..52)' \
+    -e '  { mkdir ($d, 0700) && chdir $d or die "$!" }' \
+  || framework_failure
+
+cd .. || framework_failure
+echo n > no || framework_failure
+
+fail=0
+rm ---presume-input-tty -r x < no > out || fail=1
+
+# expect empty output
+test -s out && fail=1
+
+# the directory must have been removed
+test -d x && fail=1
+
+(exit $fail); exit $fail
--
1.5.5.rc1.13.g79388


_______________________________________________
Bug-coreutils mailing list
Bug-coreutils@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-coreutils

Reply via email to