25 Apr
2017
25 Apr
'17
2:18 a.m.
On Mon, Apr 24, 2017 at 08:06:28PM -0400, Ron Natalie wrote:
Thanks for correcting my hasty conclusions. /usr/source/s2/rm.c has an
execl call in the rm() function, but I didn't dig further into the
calling mechanism.
V7's /usr/src/cmd/rm.c definitely explicitly has a check for '..' and
an error message dedicated to the task.
So I think we can conclude that unix got this protection sometime
between V6 and V7 -- in other words, sometime in the late 1970s.
And systemd is now catching up. "Those who do not study unix" etc
khm
rm in V6 outsources globbing to /etc/glob, which
appears to report
no-match if the first character is .
Actually, it's the shell that calls glob. Glob then invokes the command
(in this case rm).
Anyhow, that doesn't do what you think it does. It ignores directory
entries that begin with '.' if the search string doesn't begin with ..
".*" will indeed match ".."
Of course, the calamity depends on whether you have /tmp on it's own
filesystem. V6 didn't go .. off the top of the filesystem, the root ..
just linked back to the inode 1 (the root itself).