Re: rm-ing files with open file descriptors
Rob Landley (landley@trommello.org)
Sat, 19 Jan 2002 15:24:51 -0500
On Saturday 19 January 2002 10:21 am, Horst von Brand wrote:
> Miquel van Smoorenburg <miquels@cistron.nl> said:
>
> [...]
>
> > It results in:
> >
> > link("/proc/self/fd/3", "flink-test2.txt") = -1 EXDEV (Invalid
> > cross-device lin k)
> >
> > This is probably because link() doesn't look up the target of the
> > symlink, it links the symlink itself. Linux allows symlinks with
> > a nlink count of 2:
> >
> > % ln -s a b
> > % ln b c
> > ln: `b': warning: making a hard link to a symbolic link is not portable
> > % ls -l
> > lrwxrwxrwx 2 miquels staff 1 Jan 19 11:34 b -> a
> > lrwxrwxrwx 2 miquels staff 1 Jan 19 11:34 c -> a
> >
> > This could be hacked around ofcourse in fs/namei.c, so I tried
> > it for fun. And indeed, with a minor correction it works:
> >
> > % perl flink.pl
> > Success.
> >
> > I now have a flink-test2.txt file. That is pretty cool ;)
>
> This is a possible security risk: The unlinking program thinks the file is
> forever inaccessible, but it isn't...
It's only accessable to the same user. (permissions 700 in /proc/blah/fs.)
If you're running at the same user, you can attach a debugger to the process
and look at anything it's got. So it's just an easier way to do something
you could effectively already do anyway...
Rob
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/