Bugtraq mailing list archives
Re: Symlinks and Cryogenic Sleep
From: christos () ZOULAS COM (Christos Zoulas)
Date: Tue, 4 Jan 2000 17:42:31 -0500
On Jan 4, 12:11pm, babinebell () TRUSTCENTER DE (Goetz Babin-Ebell) wrote: -- Subject: Re: Symlinks and Cryogenic Sleep | At 21:24 03.01.00 +0100, Olaf Kirch wrote: | >Hi all, | Hallo Olaf, | | >when you're dealing with files in /tmp that are supposed to be re-opened | >(rather than opened once and then discarded) there's an established | >way to do it which goes like this: | > | > if (lstat(fname, &stb1) >= 0 && S_ISREG(stb1.st_mode)) { | > fd = open(fname, O_RDWR); | > if (fd < 0 || fstat(fd, &stb2) < 0 | > || ino_or_dev_mismatch(&stb1, &stb2)) | > raise_big_stink() | > } else { | > /* do the O_EXCL thing */ | > } | | I did something that way: | | FILE *DoOpen(const char *cpFile, long bAppend) | { | FILE *spNew; | FILE *spTest; | struct stat sStat; | Bug 1: Now you create a file if it does not exist, so I can use your little program as a denial of service attack. This is why open(O_RDWR) was used above instead of (O_RDWR|O_CREAT). | spTest = fopen(cpFile,"a"); | if (!spTest) | { | Log("ERR FILE OPEN",cpFile); | return NULL; | } Bug 2: You've just added a race condition; I could have renamed the file between the fopen() and lstat(). This is why the example is using fstat() | if (lstat(cpFile,&sStat)) | { Bug 3: Now you forgot to close the file before you returned. | Log("ERR STAT",cpFile); | return NULL; | } | if ((sStat.st_mode & S_IFMT) == S_IFLNK) | { | fclose(spTest); | Log("ERR ISLINK",cpFile); | return NULL; | } | if (bAppend) | spNew = spTest; | else | { Bug 4: You've just added another race condition; I could have renamed the file between the lstat() and fopen(). | spNew = freopen(cpFile,"w",spTest); | fclose(spTest); | } | if (!spNew) | { | Log("ERR FILE OPEN",cpFile); | return NULL; | } | return spFile; | } Moral of the story: Stick with the code in the example and don't roll your own; use fdopen() if you need stdio afterwards. I hope that you are not writing any security critical code... christos
Current thread:
- Symlinks and Cryogenic Sleep Olaf Kirch (Jan 03)
- Re: Symlinks and Cryogenic Sleep Mark A. Heilpern (Jan 03)
- Re: Symlinks and Cryogenic Sleep Casper Dik (Jan 04)
- Re: Symlinks and Cryogenic Sleep Olaf Kirch (Jan 04)
- Re: Symlinks and Cryogenic Sleep Henrik Nordstrom (Jan 04)
- First Telecom E-conso service totally insecure Thomas Quinot (Jan 03)
- Re: Symlinks and Cryogenic Sleep Goetz Babin-Ebell (Jan 04)
- Re: Symlinks and Cryogenic Sleep pedward () WEBCOM COM (Jan 04)
- Re: Symlinks and Cryogenic Sleep Christos Zoulas (Jan 04)
- Re: Symlinks and Cryogenic Sleep Mikael Olsson (Jan 05)
- Re: Symlinks and Cryogenic Sleep Marc Heuse (Jan 05)
- Re: Symlinks and Cryogenic Sleep Wietse Venema (Jan 04)
- Re: Symlinks and Cryogenic Sleep Pavel Machek (Jan 04)
- Security problem with Solstice Backup/Legato Networker recover command Chris Siebenmann (Jan 04)
- Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08 Ussr Labs (Jan 05)
- Re: Symlinks and Cryogenic Sleep Pavel Kankovsky (Jan 05)
- [RHSA-2000:002] New lpr packages available Bill Nottingham (Jan 07)
- <Possible follow-ups>
- Re: Symlinks and Cryogenic Sleep der Mouse (Jan 03)
- Re: Symlinks and Cryogenic Sleep Marc Heuse (Jan 04)
(Thread continues...)
- Re: Symlinks and Cryogenic Sleep Mark A. Heilpern (Jan 03)