Follow-up Comment #4, bugs #11879 (project findutils):
Dmitry, thanks for looking at this.
1. That hunk of test code existed only to place a marker in the strace
output. It should have been removed earlier. It would have leaked a file
descriptor!
2. You're right. That exposes find to the very security problem that this
mechanism is supposed to fix! Stupid me. Fixed.
3. Most of the checks in safely_chdir_lstat() just relate to checking and
reporting problems with the lstat() results. I believe that these checks are
no longer required, or do you believe I have missed something? I have moved
complete_pending_execdirs() up into safely_chdir() though.
Thanks for the very useful feedback. I attach an updated patch. The
updated patch is _really_ a patch against findutils 4.2.17, so it also
contains some minor changes to the find manpage which aren't relevant here.
_______________________________________________________
Additional Item Attachment:
File name: findutils-4.2.17-nofollow-try2.patch Size:24 KB
Second proposed fix (as patch against 4.2.17 release)
<http://savannah.gnu.org/bugs/download.php?item_id=11879&item_file_id=2187>
_______________________________________________________
This item URL is:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=11879>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
_______________________________________________
Bug-findutils mailing list
http://lists.gnu.org/mailman/listinfo/bug-findutils