Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Apple MacOSX 10.9 Hard Link Memory Corruption
From: Stefan Arentz <stefan () basement sateh com>
Date: Fri, 8 Nov 2013 16:14:51 -0500

On Thu, Nov 07, 2013 at 10:50:59PM +0000, submit () cxsec org wrote:

mac-cxs-XK:pochd XK$ gcc -o test test.c
mac-cxs-XK:pochd XK$ ls
test  test.c
mac-cxs-XK:pochd XK$ mkdir DIR1
mac-cxs-XK:pochd XK$ ./test DIR1 Hardlink1
link(3) return= -1
mac-cxs-XK:pochd XK$ mkdir DIR1/DIR2
mac-cxs-XK:pochd XK$ ./test DIR1/DIR2 Hardlink2
link(3) return= 0
mac-cxs-XK:pochd XK$ cd DIR1
mac-cxs-XK:DIR1 XK$ mkdir DIR2/DIR3
mac-cxs-XK:DIR1 XK$ ../test DIR2/DIR3 Hardlink3
link(3) return= 0
mac-cxs-XK:DIR1 XK$ cd DIR2
mac-cxs-XK:DIR2 XK$ mkdir DIR3/DIR4
mac-cxs-XK:DIR2 XK$ ../../test DIR3/DIR4 Hardlink4
link(3) return= -1

The first failing case is easily explained: directory hard links cannot have the same
parent. This is checked in hfs_link.c[1] in hfs_vnop_link(). Search for the following

         * All directory links must reside in an non-ARCHIVED hierarchy.
        if (v_type == VDIR) {
                 * - Source parent and destination parent cannot match
                 * - A link is not permitted in the root directory
                 * - Parent of 'pointed at' directory is not the root directory
                 * - The 'pointed at' directory (source) is not an ancestor
                 *   of the new directory hard link (destination).
                 * - No ancestor of the new directory hard link (destination) 
                 *   is a directory hard link.
                if ((parentcnid == tdcp->c_fileid) ||
                    (tdcp->c_fileid == kHFSRootFolderID) ||
                    (parentcnid == kHFSRootFolderID) ||
                    cat_check_link_ancestry(hfsmp, tdcp->c_fileid, cp->c_fileid)) {
                        error = EPERM;  /* abide by the rules, you did not */
                        goto out;

Does this also explain the last case?


[1] http://opensource.apple.com/source/xnu/xnu-2422.1.72/bsd/hfs/hfs_link.c 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]