Module Name: src
Committed By: dholland
Date: Wed Jun 13 07:35:37 UTC 2012
Modified Files:
src/bin/rm: rm.c
Log Message:
Rectify race condition in rm -P processing by checking that the file
we opened is the one we expected to get. Also use O_NOFOLLOW to help
avoid even opening devices, which sometimes produce side effects.
Reported by Radoslaw A. Zarzynski.
To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.52 src/bin/rm/rm.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/bin/rm/rm.c
diff -u src/bin/rm/rm.c:1.51 src/bin/rm/rm.c:1.52
--- src/bin/rm/rm.c:1.51 Sat Jan 21 16:38:41 2012
+++ src/bin/rm/rm.c Wed Jun 13 07:35:37 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: rm.c,v 1.51 2012/01/21 16:38:41 christos Exp $ */
+/* $NetBSD: rm.c,v 1.52 2012/06/13 07:35:37 dholland Exp $ */
/*-
* Copyright (c) 1990, 1993, 1994, 2003
@@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1990, 19
#if 0
static char sccsid[] = "@(#)rm.c 8.8 (Berkeley) 4/27/95";
#else
-__RCSID("$NetBSD: rm.c,v 1.51 2012/01/21 16:38:41 christos Exp $");
+__RCSID("$NetBSD: rm.c,v 1.52 2012/06/13 07:35:37 dholland Exp $");
#endif
#endif /* not lint */
@@ -380,7 +380,7 @@ rm_file(char **argv)
static int
rm_overwrite(char *file, struct stat *sbp)
{
- struct stat sb;
+ struct stat sb, sb2;
int fd, randint;
char randchar;
@@ -394,8 +394,18 @@ rm_overwrite(char *file, struct stat *sb
return 0;
/* flags to try to defeat hidden caching by forcing seeks */
- if ((fd = open(file, O_RDWR|O_SYNC|O_RSYNC, 0)) == -1)
+ if ((fd = open(file, O_RDWR|O_SYNC|O_RSYNC|O_NOFOLLOW, 0)) == -1)
+ goto err;
+
+ if (fstat(fd, &sb2)) {
goto err;
+ }
+
+ if (sb2.st_dev != sbp->st_dev || sb2.st_ino != sbp->st_ino ||
+ !S_ISREG(sb2.st_mode)) {
+ errno = EPERM;
+ goto err;
+ }
#define RAND_BYTES 1
#define THIS_BYTE 0
