Re: chmod/chown -R - maybe an ITP
On Tue, 14 Dec 1999, Craig Sanders wrote:
>On Tue, Dec 14, 1999 at 10:05:53AM +1100, Craig Sanders wrote:
>> find $@ -uid $1 | xargs chown $2
>a safer version (but still vulnerable to races) is:
> find $@ -uid $1 -follow -links 1 | xargs chown $2
>you could write a safe-chown program, but even that would be vulnerable
>to races, since there is no atomic test-and-chown operation...it would
>just reduce the window of opportunity.
You are wrong.
If you open a file and then use fstat() to determine the current ownership
and then fchown() to change the ownership then you are certain that about the
original ownership of the file you are chowning. You may not be certain
about the place in the file system it came from, but that doesn't matter so
To do this properly you will first want to stat() the file (to avoid messing
with the atime of files you aren't doing anything with), if stat() indicates
that the file should be changed then open(), fstat() (to make sure that links
haven't been changed from under you), and then fchown() and close().
Now from memory I think that the buffer size for a pipe is 4K or 8K. If it's
only 4K and you have a set of files with 8 byte names then you could have
512 files in the pipeline if the buffer is 4K. If find uses printf() then you
add another 4K of printf() buffering.
Also xargs in Potato uses a default of 1024 parameters per command.
So we could be looking at a queue of well over 2000 files to be processed by
PS I doubt that the -follow and -links options to find will help at all. If
the bad user is replacing a real file they own with a link to somewhere else
then it shouldn't make any difference. Please explain if there's something I
The ultimate result is that some innovations that would truly benefit
consumers never occur for the sole reason that they do not coincide with
-- Judge Thomas Penfield Jackson, U.S. District Judge