[PATCH] bb_make_directory(): simplify and robustify
Rasmus Villemoes
rasmus.villemoes at prevas.dk
Mon Mar 16 07:51:25 UTC 2020
On 11/03/2020 13.22, Rasmus Villemoes wrote:
> For something like 'mkdir -m 0700 foo', if the caller happens to have
> a permissive umask (say allowing group write via 0007 or 0002), the
> created directory will temporarily have more permissions than
> requested. That's a mild security issue.
>
> This reworks bb_make_directory() to always create both intermediate
> and the final component with 0 permissions, then chmods to the final
> value.
Urgh, please ignore this patch. While it works as advertised, it may
break the case of two processes doing "mkdir -p a/b/c" and "mkdir -p
a/b/d" in parallel - if b is created by the first process, but not yet
chmod'ed, the second process will fail. So newly created intermediate
directories must be born with at least u+wx, which means there's no way
around umask fiddling :(
Rasmus
More information about the busybox
mailing list