Bugtraq mailing list archives
Re: mail.local.c patch
From: neil () legless demon co uk (Neil Woods)
Date: Sun, 19 Feb 1995 01:24:30 +0100 (GMT)
> /* The original version of this has two possible races which can cause problems. The first is when the file we are about to open doesn't exist, in which case there is a race between the lstat() and the open() in which someone can create a symlink to anywhere. The file pointed at must not exist but this still allows the creation of .rhosts etc.

From mail.local.c:

    if (lstat(path, &sb)) {
        mbfd = open(path, O_APPEND|O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);

open(2) doesn't follow symlinks when O_CREAT and O_EXCL are set, so we don't have a race here. We're doing an lstat(2) to see if path exists, and to save information about path.

> The second is harder as it must fool the check on the inode number etc. I'm not sure if there really is a race here but I get the feeling that someone *might* be able to almost fill a file-system, such that they get the same inode number after the race.

As we are checking device no as well as inode no, we again avoid race conditions.

Cheers,
Neil
--
Let the Mystery Be, So Watcha Want, Longing In Their Hearts, Hate My Way, M-Bike, Safari, Uncle June and Aunt Kiyoti, Daisy Dead Petals, Tuff Gnarl. ...like a badger with an afro throwing sparklers at the Pope...
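The two checks discussed in this message, as an added example that is not taken from mail.local.c or from either poster: `open_if_same`, `open_mailbox`, `run_cases`, `CREATE_FLAGS` and the file names are hypothetical, and the scenarios are constructed in a private temporary directory.

```c
#define _XOPEN_SOURCE 700 /* lstat(), symlink(), mkdtemp() under strict -std */
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#define CREATE_FLAGS (O_APPEND | O_CREAT | O_EXCL | O_WRONLY)

/* Hypothetical helper: open an existing path, keep the fd only if it is
 * the object `seen` describes (same device and same inode). */
int open_if_same(const char *path, const struct stat *seen)
{
    struct stat now;
    int fd = open(path, O_APPEND | O_WRONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &now) == 0 && now.st_dev == seen->st_dev &&
        now.st_ino == seen->st_ino)
        return fd;
    close(fd);
    errno = EPERM;
    return -1;
}

/* Hypothetical wrapper around the lstat()/open() sequence discussed above. */
int open_mailbox(const char *path)
{
    struct stat sb;
    if (lstat(path, &sb) != 0) /* absent: O_EXCL refuses anything planted since */
        return open(path, CREATE_FLAGS, S_IRUSR | S_IWUSR);
    return open_if_same(path, &sb);
}

/* Constructed cases in a private temp dir; returns how many ended safely (3). */
int run_cases(void)
{
    char dir[] = "/tmp/mbox-demo-XXXXXX";
    struct stat seen;
    int fd, ok = 0;
    if (!mkdtemp(dir) || chdir(dir) != 0) return -1;
    symlink("other", "newbox");      /* dangling link planted after lstat() */
    fd = open("newbox", CREATE_FLAGS, S_IRUSR | S_IWUSR);
    ok += (fd < 0 && errno == EEXIST && access("other", F_OK) != 0);
    fd = open_mailbox("user");       /* absent path: created exclusively */
    ok += (fd >= 0 && fstat(fd, &seen) == 0 && close(fd) == 0);
    close(open("other", O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR));
    unlink("user"); symlink("other", "user"); /* path swapped after lstat() */
    fd = open_if_same("user", &seen);
    ok += (fd < 0 && errno == EPERM);
    unlink("newbox"); unlink("user"); unlink("other"); rmdir(dir);
    return ok;
}
```
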