From arlankfo@verizon.net  Thu Feb 13 20:22:21 2003
Return-Path: <arlankfo@verizon.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9634037B401
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 13 Feb 2003 20:22:21 -0800 (PST)
Received: from out008.verizon.net (out008pub.verizon.net [206.46.170.108])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9DF2F43FBD
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 13 Feb 2003 20:22:20 -0800 (PST)
	(envelope-from arlankfo@verizon.net)
Received: from verizon.net ([138.88.47.217]) by out008.verizon.net
          (InterMail vM.5.01.05.20 201-253-122-126-120-20021101) with ESMTP
          id <20030214042220.SJRH25811.out008.verizon.net@verizon.net>
          for <FreeBSD-gnats-submit@freebsd.org>;
          Thu, 13 Feb 2003 22:22:20 -0600
Message-Id: <20030214042220.SJRH25811.out008.verizon.net@verizon.net>
Date: Thu, 13 Feb 2003 23:22:11 -0500
From: arlankfo@141.com
Sender: arlankfo@verizon.net
Reply-To: Andrew Lankford <arlankfo@141.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bug with find's -delete option
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         48271
>Category:       bin
>Synopsis:       bug with find's -delete option
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 13 20:30:00 PST 2003
>Closed-Date:    Mon Jun 25 20:37:46 GMT 2007
>Last-Modified:  Mon Jun 25 20:37:46 GMT 2007
>Originator:     Andrew Lankford
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
none
>Environment:
System: FreeBSD bogushost2 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Thu Feb 13 20:27:55 EST 2003 root@bogushost2:/usr/obj/usr/src/sys/ARL5KERNEL i386

>Description:
Find's -delete option incorrectly checks for relative pathnames.

>How-To-Repeat:

	# cd /

	# mkdir testdir

	# mkdir testdir/testdir2

	# find /testdir -delete
	find: -delete: /testdir: relative path potentially not safe

>Fix:

--- /usr/src/usr.bin/find/function.c	2003/02/13 06:42:07	1.1
+++ /usr/src/usr.bin/find/function.c	2003/02/13 07:14:57
@@ -395,7 +395,7 @@
 		errx(1, "-delete: insecure options got turned on");
 
 	/* Potentially unsafe - do not accept relative paths whatsoever */
-	if (strchr(entry->fts_accpath, '/') != NULL)
+	if (*(entry->fts_accpath) != '/')
 		errx(1, "-delete: %s: relative path potentially not safe",
 			entry->fts_accpath);

>Release-Note:
>Audit-Trail:

From: Friedemann Becker <Friedemann.Becker@web.de>
To: freebsd-gnats-submit@FreeBSD.org, arlankfo@141.com
Cc:  
Subject: Re: bin/48271: bug with find's -delete option
Date: Wed, 14 Jan 2004 18:53:13 +0100

 Find in fact is working as documented. The manpage says "[...] will not 
 attempt to delete a filename with a ``/'' character in its pathname 
 relative to ``.'' for security reasons."
 Maybe one could document what those security reasons are, but the code 
 is correct.
 
 pr should be set to 'closed' or 'feedback'
 
 

From: =?iso-8859-1?Q?Bj=F6rn_K=F6nig?= <bkoenig@alpha-tierchen.de>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: bin/48271: bug with find's -delete option
Date: Mon, 25 Jun 2007 22:22:40 +0200 (CEST)

 This is really not a bug. Close this PR.
 
State-Changed-From-To: open->closed 
State-Changed-By: remko 
State-Changed-When: Mon Jun 25 20:37:43 UTC 2007 
State-Changed-Why:  
Bjorn mentions that this is not a bug, close the PR. Thanks for the 
feedback! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=48271 
>Unformatted:
