83

This has always puzzled me. Why does the root directory contain a reference to a parent directory?

bob@bob:/$ ls -a
.     build  home            lib32       mnt   .rpmdb   sys  vmlinuz
..    cdrom  initrd.img      lib64       opt   sbin     tmp  vmlinuz.old
bin   dev    initrd.img.old  lost+found  proc  selinux  usr
boot  etc    lib             media       root  srv      var

I understand how directories are managed in the filesystem - each directory has n+2 pointers to itself (n = number of subdirectories inside the directory). One for each immediate subdirectory, one for its parent, and one for itself.

But what is /'s parent?

Nathan Osman
  • 6,240

2 Answers

74

/.. points to /:

$ ls -id /
2 /
$ ls -id /..
2 /..

Both have the same inode number, which happens to be 2 on this system. (The exact value doesn't matter.)

It's done for consistency. This way, there doesn't have to be code in the kernel to check where it currently is when it processes a .. in a path. You can say cd .. forever, and never go deeper than the root.

Warren Young
  • 72,032
  • 1
    So /../../../../.. is a valid path then? (And is equal to /.) – Nathan Osman Jan 12 '11 at 03:09
  • 22
    @George I believe exploits that take advantage of relative paths use that; you don't have to guess the current folder, you just do ../../../../../../../../../../../../../../../../etc/passwd – Michael Mrozek Jan 12 '11 at 03:36
  • 24
    What difference would that make with simply using /etc/passwd ? – jlliagre Jan 12 '11 at 07:46
  • 11
    @jlliagre: There are programs that check whether a file is under the current directory by testing whether it begins with /. Between ../ (not necessarily at the beginning!) and symbolic links, it's very hard to do, especially considering the attacker may be moving directories under the program's nose. – Gilles 'SO- stop being evil' Jan 12 '11 at 08:08
  • 4
    I see, they should at least use canonicalize_file_name or realpath. – jlliagre Jan 12 '11 at 14:37
  • @MichaelMrozek: I'm confused whether it's a good thing or a bad thing that / has .. that points to itself... – musiphil Dec 03 '12 at 03:10
  • 5
    @musiphil: It's a good thing. Michael was just pointing out that it's a feature that can be exploited for bad ends, if code isn't written to cope with the exploit. If we got rid of all features that can be exploited, computers would be very dull things. – Warren Young Dec 03 '12 at 03:50
  • @WarrenYoung what could be a good use for that feature?? – amyassin Jan 22 '13 at 12:27
  • 2
    As I wrote in my answer, it makes the system consistent. There is no special case. Also, as a rule, Unix doesn't second-guess the user. If there is a reasonable way for the system to comply with a command, it will. The alternative is a system that's always telling you "no," or asking "are you really really sure?" – Warren Young Jan 23 '13 at 23:39
  • 1
    @WarrenYoung: I would change "reasonable" to "reasonable and unambiguous". – dotancohen Feb 02 '14 at 10:39
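
The answer and comments above, as an added example that is not part of the original answer or comments: it confirms that / and /.. are the same inode, then contrasts a string-prefix containment check with one that canonicalizes through realpath() first. The function names, the /usr base directory and the sample request are assumptions made for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declares realpath() */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* 1 if both paths name the same object (same device and inode), like `ls -id`. */
int same_file(const char *a, const char *b) {
    struct stat sa, sb;
    if (stat(a, &sa) != 0 || stat(b, &sb) != 0) return 0;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Constructed weak check: compares the unresolved string against the base prefix. */
int naive_is_under(const char *base, const char *request) {
    char joined[PATH_MAX];
    snprintf(joined, sizeof joined, "%s/%s", base, request);
    return strncmp(joined, base, strlen(base)) == 0;
}

/* Resolve "..", "." and symlinks first, then compare on a component boundary.
 * Fails closed (returns 0) if either path cannot be resolved. */
int is_under(const char *base, const char *request) {
    char joined[PATH_MAX], rbase[PATH_MAX], rpath[PATH_MAX];
    int len = snprintf(joined, sizeof joined, "%s/%s", base, request);
    if (len < 0 || (size_t)len >= sizeof joined) return 0;
    if (!realpath(base, rbase) || !realpath(joined, rpath)) return 0;
    size_t n = strlen(rbase);
    if (n == 1) return 1;                 /* base is "/": everything is under it */
    return strncmp(rpath, rbase, n) == 0 && (rpath[n] == '/' || rpath[n] == '\0');
}

int main(void) {
    const char *req = "../../../../../../etc";   /* constructed sample input */
    printf("/ and /.. same inode:        %d\n", same_file("/", "/.."));
    printf("/ and /../../.. same inode:  %d\n", same_file("/", "/../../.."));
    printf("naive check accepts request: %d\n", naive_is_under("/usr", req));
    printf("realpath check accepts it:   %d\n", is_under("/usr", req));
    return 0;
}
```

The realpath() result describes the filesystem at the moment of the call, so it does not by itself cover the case raised in the comments where directories are moved while the program is running.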
40

It's there because it's a guarantee made by Unix: every directory contains two entries, . which refers to itself, and .. which refers to the parent.

The root directory of the current namespace is special, in that .. points to the same thing as ., but not so special to break the guarantee made by the OS to programs. When those contracts are broken, things go wrong and everyone points fingers.

The root directory that you see might, in the filesystem on disk, actually have a different parent directory. The view of the filesystems provided in the mounted namespace is what enforces the .. = . rule for /. So if you're in a chroot() jail, you will see /.. = / even though someone outside the jail looking at /path/to/jail/.. will see /path/to instead.

Phil P
  • 510
  • 1
    How many programs depend on the "contract" that / has .. that points to itself? I think it could have been equally (or more) acceptable for / NOT to have ... – musiphil Dec 03 '12 at 03:13
  • Does anyone have a source which confirms this theory? – Julian Hollmann Aug 29 '14 at 08:41
  • 1
    Well, man 5 dir on a BSD system will walk you through the documented API, and items stated in the API are part of the contract. – Phil P Oct 01 '14 at 17:47
  • 2
    find has an optimisation that relies on the n+2 contract. – ctrl-alt-delor Jul 15 '16 at 18:45
  • 2
    Oh, and of course if you want a source then just go read the specification. POSIX at http://pubs.opengroup.org/onlinepubs/9699919799/ in section 4.12: "The special filename dot shall refer to the directory specified by its predecessor. The special filename dot-dot shall refer to the parent directory of its predecessor directory. As a special case, in the root directory, dot-dot may refer to the root directory itself." – Phil P Jul 20 '16 at 18:51