From nobody@FreeBSD.org  Sun Sep 26 18:24:28 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4CD62106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 26 Sep 2010 18:24:28 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 3C4058FC13
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 26 Sep 2010 18:24:28 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o8QIORnH092347
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 26 Sep 2010 18:24:27 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o8QIORiF092345;
	Sun, 26 Sep 2010 18:24:27 GMT
	(envelope-from nobody)
Message-Id: <201009261824.o8QIORiF092345@www.freebsd.org>
Date: Sun, 26 Sep 2010 18:24:27 GMT
From: "Kevin K. Han" <ikevin.c11@revvo.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: symbolic link bug
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         150972
>Category:       misc
>Synopsis:       symbolic link bug
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 26 18:30:08 UTC 2010
>Closed-Date:    Sat Oct 30 08:15:18 UTC 2010
>Last-Modified:  Sat Oct 30 08:15:18 UTC 2010
>Originator:     Kevin K. Han
>Release:        8.1
>Organization:
The Global Technopolis Corporation
>Environment:
8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010     root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
Create a directory on the root folder, for example ("/whatever").
Switch to user's home directory ("cd /usr/home/username") ... from now onwards, work in this directory:
Create a symbolic link from inside a user's home ("ln -s /whatever .")
Execute this: ("chown -R username:username whatever")
Try to delete it using ("rm whatever")... it will say it is a directory. It is still not deleted!
Then, try to delete using ("rm -r -f whatever/"), no errormessage, BUT It is still there!
Then, again, try the same thing ("rm whatever")... It is GONE, INCLUDING the original at "/whatever" !!!


>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:

From: Bruce Evans <brde@optusnet.com.au>
To: "Kevin K. Han" <ikevin.c11@revvo.org>
Cc: freebsd-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: misc/150972: symbolic link bug
Date: Mon, 27 Sep 2010 06:25:42 +1000 (EST)

 On Sun, 26 Sep 2010, Kevin K. Han wrote:
 
 >> Description:
 > Create a directory on the root folder, for example ("/whatever").
 > Switch to user's home directory ("cd /usr/home/username") ... from now onwards, work in this directory:
 > Create a symbolic link from inside a user's home ("ln -s /whatever .")
 > Execute this: ("chown -R username:username whatever")
 
 Apparently you are still running as root after creating /whatever.  This
 chown -R has no effect even as root.  (A plain chown would change /whatever
 and chown -h would change the symlink.)
 
 > Try to delete it using ("rm whatever")... it will say it is a directory. It is still not deleted!
 
 I don't see this.  It would be a bad bug.  rm is required to not follow
 symlinks.  A broken version of rm might stat() the symlink and decide
 that it is a directory, and then rewrite its name to "whatever/" for
 maximal brokenness (other utilities do need to append a slash sometimes,
 and this is not easy to get right); then unlink("whatever/") would say
 it is a directory.
 
 > Then, try to delete using ("rm -r -f whatever/"), no errormessage, BUT It is still there!
 
 This is how symlinks work.  "whatever/" is whatever the symlink points to.
 It is "/whatever" here.  So this commands removes "/whatever" and leaves
 the symlink untouched.
 
 > Then, again, try the same thing ("rm whatever")... It is GONE, INCLUDING the original at "/whatever" !!!
 
 Consistent with a broken rm stat()ing the symlink.  The previous command
 removed "/whatever", so "whatever" is a dangling symlink and stat()ing it
 wouldn't see it as a directory.
 
 Bruce

From: jhell <jhell@DataIX.net>
To: "Kevin K. Han" <ikevin.c11@revvo.org>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: misc/150972: symbolic link bug
Date: Sun, 26 Sep 2010 16:40:30 -0400

 On 09/26/2010 14:24, Kevin K. Han wrote:
 > Create a directory on the root folder, for example ("/whatever").
 
 I assume ``root'' creates this directory.
 
 > Switch to user's home directory ("cd /usr/home/username") ... from now onwards, work in this directory:
 
 This is a normal user account != uid/0
 
 > Create a symbolic link from inside a user's home ("ln -s /whatever .")
 
 If the above is true then this symlink is not uid/gid 0
 
 > Execute this: ("chown -R username:username whatever")
 
 You have now just given yourself permission to remove this folder, but
 ok lets continue.
 
 > Try to delete it using ("rm whatever")... it will say it is a directory. It is still not deleted!
 
 Ok ( rm whatever ) symlink gone and directory /whatever still exists.
 
 > Then, try to delete using ("rm -r -f whatever/"), no errormessage, BUT It is still there!
 
 rm -rf whatever/
 rm: whatever/: Permission denied
 ls -ld whatever
 lrwxr-x---  1 jhell  jhell  10 Sep 26 16:30 whatever -> /whatever/
 ls -ld /whatever
 drwxr-xr-x  2 jhell  jhell  512 Sep 26 16:23 /whatever
 
 > Then, again, try the same thing ("rm whatever")... It is GONE, INCLUDING the original at "/whatever" !!!
 
 rm whatever
 ls -ld whatever
 ls: whatever: No such file or directory
 ls -ld /whatever
 drwxr-xr-x  2 jhell  jhell  512 Sep 26 16:23 /whatever
 
 
 There is a different meaning for symlinks when you specify a trailing
 slash as where a rm /path/to/symlink and rm /path/to/symlink/ having
 different meanings and this can be expected and is proper use.
 
 When you did "( rm -r -f whatever/ )" you were actually telling rm to
 remove the /whatever directory instead of the symlink so as you went on
 you had never checked whether that directory was still there before you
 continued to try and remove the symlink.
 
 As a normal user you should not be able to remove /whatever even if it
 is owned by you.
 
 Are you using a ZFS filesystem or a UFS filesystem ?
 
 -- 
 
  jhell,v
State-Changed-From-To: open->feedback 
State-Changed-By: jh 
State-Changed-When: Wed Sep 29 13:31:36 UTC 2010 
State-Changed-Why:  
If you really see the error after the first "rm whatever", please 
provide a ktrace(1) or truss(1) output and mention which file system you 
are using. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=150972 
State-Changed-From-To: feedback->closed 
State-Changed-By: jh 
State-Changed-When: Sat Oct 30 08:15:16 UTC 2010 
State-Changed-Why:  
Feedback timeout. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=150972 
>Unformatted:
