Re: Locking of serial devices and devfs

To: Russell Coker <russell@coker.com.au>
Cc: debian-devel@lists.debian.org
Subject: Re: Locking of serial devices and devfs
From: Itai Zukerman <zukerman@math-hat.com>
Date: 21 Jun 2001 09:36:48 -0400
Message-id: <[🔎] 87u21avtsf.fsf@matt.w80.math-hat.com>
In-reply-to: <[🔎] 01062113085107.16434@lyta> (Russell Coker's message of "Thu, 21 Jun 2001 13:08:51 +0200")
References: <[🔎] 01062113085107.16434@lyta>

Je Thu, 21 Jun 2001 13:08:51 +0200,
Russell Coker <russell@coker.com.au> scribis:
> if (( p = strstr(dev, "dev/")) != NULL)
>     dev = p + 4; /* point to first byte after "dev/" */
> slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
> if(strchr(dev, '/'))
> {
>   char *dir = strdup(dev);
>   *(strchr(dir, '/')) = '\0';
>   mkdir(dir);
>}

(I think you mean lock_file instead of dev in the mkdir block.)

I'm worried that this code lets the user put directories anywhere on
the filesystem.  First run it with dev as "/dev/tts/0" (to create the
lockfile directory), then run it with dev as "tts/../../../foo/bar"
(to create a root directory, "foo").

Why not just remove the leading "/dev/" and convert "/"s to something
harmless like ","?

-- 
Itai Zukerman  <http://www.math-hat.com/~zukerman/>

Reply to:

Follow-Ups:
- Re: Locking of serial devices and devfs
  - From: Russell Coker <russell@coker.com.au>
- Re: Locking of serial devices and devfs
  - From: Chad Miller <cmiller@surfsouth.com>

References:
- Locking of serial devices and devfs
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: Locking of serial devices and devfs
Next by Date: Re: Locking of serial devices and devfs
Previous by thread: Re: Locking of serial devices and devfs
Next by thread: Re: Locking of serial devices and devfs
Index(es):
- Date
- Thread