Hi Roger,
* Roger Leigh <[EMAIL PROTECTED]> [2007-11-26 23:21]:
> Nico Golde <[EMAIL PROTECTED]> writes:
[...] 
> > But this could introduce some race condition with permission or uid
> > checks. This behaviour also prevents symlink attacks :)
> 
> I'm not sure I see why, given that this is a config file--we aren't
> writing to it, which would be a case for a symlink attack.

I did not check it, was just a thought. Don't know if for 
example fetchmail when run as root will print out errors 
that can be used to get sensitive information if the 
fetchmailrc is linked for example to shadow. However, no 
idea, I did not check it.

> I'm unsure why fetchmail doesn't avoid the race altogether, by
> open()ing the file first, and then calling fstat().  This is race free
> because there's no delay between the stat and the open; the
> information is coming straight from the inode of the open fd.

True, I agree with you here.

> > So we suggest to workaround this by either adding a hardlink (if this works 
> > with git internals)
> > or executing -f - <"${HOME}/.fetchmailrc".
> 
> Hardlinking won't work.

Why not?

> The latter is a good idea--I'll try that in the meantime.

Any results? Upstream regrets to implement this until you 
raise your hand with a very good reason while I agree with 
you because I also don't see a reason to not do this :)
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
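
The open()-then-fstat() ordering discussed in the thread, as an added example that is not part of the original mail and is not fetchmail's code. The function name `open_checked_rc` and the ownership/permission policy it enforces are assumptions made for illustration:

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Reject the file with the given errno, closing the descriptor first. */
static int reject(int fd, int err)
{
    close(fd);
    errno = err;
    return -1;
}

/*
 * Open first, then fstat() the descriptor: the checks apply to the inode
 * that will actually be read, so swapping the path (or a symlink target)
 * after the check changes nothing. Symlinks are followed on purpose.
 * Policy (assumed for this example): regular file, owned by `owner`,
 * no group/other permission bits.
 * Returns a readable fd, or -1 with errno set.
 */
int open_checked_rc(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NONBLOCK: do not hang if the path names a FIFO. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0)
        return reject(fd, errno);
    if (!S_ISREG(st.st_mode))
        return reject(fd, EINVAL);
    if (st.st_uid != owner)
        return reject(fd, EPERM);
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return reject(fd, EACCES);
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s rcfile\n", argv[0]); return 2; }
    int fd = open_checked_rc(argv[1], geteuid());
    if (fd < 0) { fprintf(stderr, "%s: rejected: %s\n", argv[1], strerror(errno)); return 1; }
    printf("%s: ok, read the configuration from fd %d\n", argv[1], fd);
    close(fd);
    return 0;
}
```

The caller must keep reading from the returned descriptor; reopening the path by name would reintroduce the race.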
