Bug 123071 - RM FAILS WITH PERMISSION DENIED WHEN LSTAT OF . FAILS
RM FAILS WITH PERMISSION DENIED WHEN LSTAT OF . FAILS
Status: CLOSED DUPLICATE of bug 84552
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: fileutils (Show other bugs)
2.1
All Linux
medium Severity high
: ---
: ---
Assigned To: Tim Waugh
Mike McLean
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-05-11 20:13 EDT by Greg Marsden
Modified: 2007-11-30 17:06 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 14:03:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Greg Marsden 2004-05-11 20:13:17 EDT
If the current directory does not exist, rm fails
immediately.  This is a result of a bad security
fix for fileutils 4.1 and is fixed in 4.5 and later.

The problem is only on AS2.1

A trivial testcase to reproduce this problem is:
[0] gmarsden@ca-build1:/tmp$ mkdir rmtest
[0] gmarsden@ca-build1:/tmp$ cd rmtest/
[0] gmarsden@ca-build1:/tmp/rmtest$ touch /tmp/file1
[0] gmarsden@ca-build1:/tmp/rmtest$ chmod 0 .
[0] gmarsden@ca-build1:/tmp/rmtest$ rm -f /tmp/file1
rm: cannot lstat `.': Permission denied
[1] gmarsden@ca-build1:/tmp/rmtest$ ls -l /tmp/file1
-rw-rw-r--    1 gmarsden gmarsden        0 May  7 18:52 /tmp/file1


The offending code is actually flagged with a FIXME in the
AS2.1 fileutils package and results from attempting to do an lstat on
the current directory to prevent a security exploit. However, this
check should not happen when not removing recursive directories.

Please fix or upgrade AS2.1 fileutils to 4.5.
Comment 1 Tim Waugh 2004-05-12 04:28:21 EDT

*** This bug has been marked as a duplicate of 84552 ***
Comment 2 Red Hat Bugzilla 2006-02-21 14:03:11 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.