Re: autoclean mode for tmpfs

> My guess for steps to create the problem is:

> [...]
> ... and the tmp cleanup does a "rmdir /tmp/foo/bar", [...]

That's the classic way to abuse such things.  That's why I postulated a
form of rm -r that doesn't construct multi-directory pathnames, but
instead fchdir()s into each directory and then uses slash-free
pathnames to refer to things in that directory - and then fchdir()s
back out, thereby guaranteeing returning to the old directory even if
someone's playing symlink games.  I also specified statting . after
fchdiring to make sure the fchdir went where it was supposed to.

One of the downsides of this is that it needs one file descriptor per
level of directory.  It could also, of course, be done by forking, or
by a hybrid solution that uses file descriptors, but forks when it runs
out of fds, thereby (roughly) dividing the number of processes required
by the number of available file descriptors.

It's got some problems, of course.  But I don't think vulnerability to
symlink games such as you outline is one of them.
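
The traversal described in the message above, sketched in C as an added example (not code from the original post or from any real rm implementation). The names clean_cwd and demo are hypothetical, and the /tmp tree is constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Empty the cwd using only slash-free names. Returns 0, or -1 on error
 * or when a directory was swapped between lstat() and chdir(). */
int clean_cwd(void)
{
    DIR *d = opendir(".");   /* its fd is the way back: one fd per level */
    struct dirent *e;
    int rc = 0;
    if (!d) return -1;
    while (rc == 0 && (e = readdir(d)) != NULL) {
        struct stat before, after;
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        if (lstat(e->d_name, &before) < 0) { rc = -1; break; }
        if (!S_ISDIR(before.st_mode)) {  /* file or symlink: never followed */
            if (unlink(e->d_name) < 0) rc = -1;
            continue;
        }
        if (chdir(e->d_name) < 0) { rc = -1; break; }
        /* stat "." to check we landed in the directory we lstat()ed */
        rc = (stat(".", &after) == 0 && after.st_dev == before.st_dev &&
              after.st_ino == before.st_ino) ? clean_cwd() : -1;
        if (fchdir(dirfd(d)) < 0) { rc = -1; break; }  /* back via fd, not ".." */
        if (rc == 0 && rmdir(e->d_name) < 0) rc = -1;
    }
    closedir(d);
    return rc;
}

/* Constructed demo tree with a symlink to an outside directory.
 * Returns 0 if the tree was emptied and the outside directory survived. */
int demo(void)
{
    char tree[] = "/tmp/treeXXXXXX", out[] = "/tmp/outXXXXXX";
    struct stat st;
    if (!mkdtemp(tree) || !mkdtemp(out) || chdir(out) < 0) return -1;
    if (mkdir("keep", 0700) < 0 || chdir(tree) < 0) return -1;
    if (mkdir("foo", 0700) < 0 || mkdir("foo/bar", 0700) < 0) return -1;
    if (symlink(out, "foo/link") < 0 || clean_cwd() < 0) return -1;
    if (rmdir(tree) < 0 || chdir(out) < 0 || stat("keep", &st) < 0) return -1;
    return (rmdir("keep") || chdir("/") || rmdir(out)) ? -1 : 0;
}

int main(void) { return demo() ? 1 : 0; }
```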

