Eric Schrock wrote:

> On Mon, Jun 25, 2012 at 11:19 AM, <> wrote:
> >
> >
> > In the very beginning, mkdir(1) was a set-uid application; it used
> > "mknod" to make a directory and then created a link from
> >        newdir to newdir/.
> > and from
> >        "." to newdir/..
> >
> Interesting, guess you learn something new every day :-)

This was a nice way to become superuser those days.....

Just run a loop to make a directory in /tmp and run another program that tries
to remove the directory and replace it by a hard link to /etc/passwd. Mkdir(1)
then did a "chown <you> /etc/passwd"... We tried this and it took approx.
30 minutes to become super user this way.

And BSD introduced the syscall mkdir(2) to fix this and this is why UFS was
not designed to support link(2) in directories.

BTW: to implement mkdir(2), there was a new struct dirtemplate in the kernel 
with the following comment:

/*
 * A virgin directory (no blushing please).
 */
struct dirtemplate mastertemplate = {
        0, 12, 1, ".",
        0, DIRBLKSIZ - 12, 2, ".."
};

This is the first time where Sun verified not to have humor, as Sun removed 
that comment...


-- Jörg Schilling D-13353 Berlin
zfs-discuss mailing list
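
Added example, not part of the original message and not code from BSD or Solaris: the race described above exists because the set-uid mkdir(1) named the path again for each step (create, link, chown), so the sketch below resolves the name once and changes ownership through the descriptor instead. The function names claim_dir and make_dir_for and the scratch path under /tmp are assumptions made for this illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdirat, openat, O_NOFOLLOW, O_DIRECTORY */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: give `name` inside the open directory `parentfd` to
 * uid/gid. The name is resolved exactly once (openat); every later step acts
 * on the descriptor, so replacing the name with a link to another file after
 * that point cannot redirect the ownership change. Returns 0 or -1. */
int claim_dir(int parentfd, const char *name, uid_t uid, gid_t gid)
{
    struct stat st;
    /* O_NOFOLLOW refuses a symlink, O_DIRECTORY refuses a non-directory. */
    int fd = openat(parentfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* Inspect the object we hold, not whatever the name refers to now. */
    if (fstat(fd, &st) < 0 || !S_ISDIR(st.st_mode)) {
        close(fd);
        return -1;
    }
    int rc = fchown(fd, uid, gid);   /* descriptor-based, never chown(path) */
    close(fd);
    return rc;
}

/* Hypothetical helper: mkdirat(2) creates the directory together with its
 * "." and ".." entries in one atomic call, then ownership is set as above. */
int make_dir_for(int parentfd, const char *name, uid_t uid, gid_t gid)
{
    if (mkdirat(parentfd, name, 0700) < 0)
        return -1;
    return claim_dir(parentfd, name, uid, gid);
}

int main(void)
{
    char tmpl[] = "/tmp/mkdir-demo-XXXXXX";   /* constructed scratch location */
    if (mkdtemp(tmpl) == NULL) return 1;
    int parent = open(tmpl, O_RDONLY | O_DIRECTORY);
    if (parent < 0) return 1;
    int rc = make_dir_for(parent, "newdir", geteuid(), getegid());
    printf("make_dir_for: %d\n", rc);
    close(parent);
    return rc == 0 ? 0 : 1;
}
```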
