Bugtraq mailing list archives
Re: Symlinks and Cryogenic Sleep
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Wed, 5 Jan 2000 09:34:01 +0100
I think I see a flaw with this... Goetz Babin-Ebell wrote:
I did something that way:

    #include <stdio.h>
    #include <sys/stat.h>

    /* Log() is the poster's own logging routine (not shown in the thread). */
    FILE *DoOpen(const char *cpFile, long bAppend)
    {
        FILE *spNew;
        FILE *spTest;
        struct stat sStat;

        spTest = fopen(cpFile, "a");
        if (!spTest) {
            Log("ERR FILE OPEN", cpFile);
            return NULL;
        }
        /* The check is done by name, not on the stream already opened. */
        if (lstat(cpFile, &sStat)) {
            fclose(spTest);
            Log("ERR STAT", cpFile);
            return NULL;
        }
        if ((sStat.st_mode & S_IFMT) == S_IFLNK) {
            fclose(spTest);
            Log("ERR ISLINK", cpFile);
            return NULL;
        }
        if (bAppend)
            spNew = spTest;
        else
            spNew = freopen(cpFile, "w", spTest);  /* freopen() closes spTest itself */
        if (!spNew) {
            Log("ERR FILE OPEN", cpFile);
            return NULL;
        }
        return spNew;
    }
In my tired state, I get the feeling that you open yourself up to an inverted race situation here. In this situation, the file that you open may be a link, but before it is stat()ed, it may be deleted (yes, you can do this even though it is open) and replaced with a normal file, so that stat() won't complain.

I'd suggest that you don't stat the file by name, but rather by the file descriptor that you already have (_fstat()?); this way you know that you are stat()ing the same file that you actually opened (I hope!).

Oh, and the freopen() call opens you up to another race situation (I think). AFAIK, freopen() is just a shorthand for fclose() followed by fopen(), so that leaves room for a race situation. (I might be talking out of my arse here, though.) If it were me, I'd move the file pointer to 0 and set the file length to 0; this way the file remains open all the time, and you still get the desired effect.

<flame shield> I'm _REALLY_ tired. Just so you know :-) </flame shield>

/Mike

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50   Fax: +46-(0)660-122 50   Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se   E-mail: mikael.olsson () enternet se
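An added example (not code from the thread) showing the shape Mike suggests: check the descriptor you already hold instead of the name, and truncate that descriptor in place instead of calling freopen(). It assumes a POSIX system with O_NOFOLLOW (Linux and the BSDs); safe_open and demo are hypothetical names. One caveat: fstat() on an open descriptor can never report S_IFLNK, because open() has already resolved the link, so the symlink refusal has to come from O_NOFOLLOW.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>

/* Open a log file without the two races discussed above: the descriptor
 * that is checked is the descriptor that is written to, and truncation is
 * done on that descriptor rather than via freopen().  Returns NULL on refusal. */
FILE *safe_open(const char *path, int append)
{
    struct stat fs, ls;
    int flags = O_WRONLY | O_CREAT | O_NOFOLLOW | (append ? O_APPEND : 0);
    int fd = open(path, flags, 0600);   /* O_NOFOLLOW: ELOOP if path is a symlink */
    if (fd < 0)
        return NULL;
    /* fstat() of an open fd never shows a symlink (open() already followed it),
     * so insist on a plain regular file with a single link, and confirm the
     * name still refers to the very inode we hold open. */
    if (fstat(fd, &fs) != 0 || !S_ISREG(fs.st_mode) || fs.st_nlink != 1 ||
        lstat(path, &ls) != 0 || ls.st_dev != fs.st_dev || ls.st_ino != fs.st_ino) {
        close(fd);
        return NULL;
    }
    /* "w" semantics without reopening: length 0, position 0, fd stays open. */
    if (!append && (ftruncate(fd, 0) != 0 || lseek(fd, 0, SEEK_SET) < 0)) {
        close(fd);
        return NULL;
    }
    FILE *fp = fdopen(fd, append ? "a" : "w");
    if (!fp)
        close(fd);
    return fp;
}

/* Self-check on constructed paths under /tmp: a regular file is accepted,
 * a symlink pointing at it is refused.  Returns 1 when both hold. */
int demo(void)
{
    const char *f = "/tmp/safe_open_demo.log", *l = "/tmp/safe_open_demo.lnk";
    unlink(f); unlink(l);
    FILE *fp = safe_open(f, 0);
    if (!fp) return 0;
    fputs("first line\n", fp);
    fclose(fp);
    if (symlink(f, l) != 0) return 0;
    int refused = (safe_open(l, 1) == NULL);
    unlink(l); unlink(f);
    return refused;
}
```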