On Tue, 26 Apr 2016 20:02:48 +0100, Al Viro said: > > The biggest danger I can see is some shell script doing something like: > > > > foobar > $dir/$targetfile > > > > and $targetfile is unset. If we allow a program to get an open fd that refers > > to a directory, what are the semantics of various operations on that fd? > > Huh? We certainly do allow to get an open fd that refers to a directory - > how else could ls(1) possibly work? See getdents(2) - it does use an > open file descriptor to specify the directory we operate upon. Gaah.. I lost a few words in there - /bin/ls is *expecting* to operate on a directory, so to calls getdents. I meant some generic program that opened a directory in error, and was expecting to act on "stream of bytes" > We also do not allow opening directories for *write*, and in that case EISDIR > is the right error (and we do return it). OK, that and ftruncate() are about the only ways to cause trouble with a directory opened by accident...
Attachment:
pgp2YagauZhbs.pgp
Description: PGP signature
