Bugtraq mailing list archives
RE: gzip TOCTOU file-permissions vulnerability
From: "Mark Senior" <Mark.Senior () gov ab ca>
Date: Thu, 14 Apr 2005 09:27:11 -0600
From: Derek Martin [mailto:code () pizzashack org] Sent: April 13, 2005 08:50 The open() call is at fault here. If instead of being called with a mode of RW_USER, it is called with the final intended access mode, there is no need to later call chmod(), and the problem is averted.
One wrinkle - if the file is not intended to have user write permission on it, and gzip (unzip/cpio/pax...) initially created it with the intended permissions, there would be no way to then write the file. The problem, to my understanding, is that the program opens the file by name, then closes it, and then chmod's it, again referring to it by name. During which time, as you pointed out, we could be dealing with a different inode. If the program kept the file open, and used fchmod to change its permissions, referring to it by file descriptor, you could be more sure that it was the same inode it had just been writing to. Cheers Mark --- end of meaningful content, legal bumph follows --- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
Current thread:
- gzip TOCTOU file-permissions vulnerability Imran Ghory (Apr 05)
- Re: gzip TOCTOU file-permissions vulnerability Martin Pitt (Apr 13)
- Re: gzip TOCTOU file-permissions vulnerability Derek Martin (Apr 13)
- Re: gzip TOCTOU file-permissions vulnerability Peter J. Holzer (Apr 13)
- Re: gzip TOCTOU file-permissions vulnerability Joey Hess (Apr 13)
- Re: gzip TOCTOU file-permissions vulnerability psz (Apr 14)
- Re: gzip TOCTOU file-permissions vulnerability Theodor Milkov (Apr 15)
- Re: gzip TOCTOU file-permissions vulnerability Derek Martin (Apr 14)
- <Possible follow-ups>
- RE: gzip TOCTOU file-permissions vulnerability Mark Senior (Apr 14)
- Re: gzip TOCTOU file-permissions vulnerability Derek Martin (Apr 14)
- Re: gzip TOCTOU file-permissions vulnerability devnull (Apr 15)
- Re: gzip TOCTOU file-permissions vulnerability Dmitry Yu. Bolkhovityanov (Apr 16)
- Re: gzip TOCTOU file-permissions vulnerability Peter J. Holzer (Apr 15)
- Re: gzip TOCTOU file-permissions vulnerability Scott Gifford (Apr 15)
- Re: gzip TOCTOU file-permissions vulnerability Steve Grubb (Apr 14)
- Re: gzip TOCTOU file-permissions vulnerability Martin Pitt (Apr 13)