lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 23 Nov 2004 21:17:52 +0000
From: James Youngman <bugtraq@...ession.spiral-arm.org>
To: Martin Buchholz <Martin.Buchholz@....COM>
Cc: bug-findutils@....org, parimiv@...haw.com, bugtraq@...urityfocus.com,
	srevilak@...akeasy.net, levon@...ementarian.org
Subject: Re: Changes to the filesystem while find is running - comments?


On Tue, Nov 23, 2004 at 09:17:02AM +0000, James Youngman wrote:

> The only problem that occurs to me is that we did not recheck "foo" to
> see if it still matches the predictes specified on the find command
> line (think about commands like 
> 	find /z -user fred -o -name baz -print

Sorry, that should have been :
 	find /z -user fred -prune -o -name baz -print


> ... here, if the original "foo" was owned by root but the "new" foo is
> owned by fred, our retrying technique has ensured that we have
> wandered into a place which we are not supposed to.  It's possible
> that we could simply reissue process_path() to retry instead of
> directly trying the chdir("foo") again.  I can't remember offhand if
> that is likely to be a viable strategy.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ