Hi

On Mon, 03 Jan 2011 15:56:44 +0200, Shachar Shemesh <shac...@debian.org> wrote:
> In essence, it is impossible, as far as I know (patches welcome) to
> avoid a race when symlinks are involved (with specific exceptions). The
> assumption is, and has always been, that the directory resides inside a
> location that is secure from attacks.
>
> In this particular case, for example, you don't need this race at all.
> Simply do "ln -s /etc/passwd somefile" and ask root to write to
> somefile, with or without safewrite. That would work equally well, and
> does not require to race with anything.
>
> You might be wondering, if that is the case, why I'm unlinking
> somefile.tmp before opening it with O_CREAT|O_TRUNC. The reason is that
> it might have permissions (say, from a previous run that failed -
> unlikely, but not impossible) that prevent proper functioning. It has
> nothing to do with permissions.

I think what you are missing is (at least) O_NOFOLLOW.

-- 
Michal Čihař | http://cihar.com | http://blog.cihar.com
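The effect of the flag named in the reply, as an added example that is not part of the original thread and is not the project's code: the unlink-then-open sequence from the quoted mail is run with and without O_NOFOLLOW while a symlink sits at the temporary name. The helper names `open_tmp` and `simulate`, the sandbox path and the file contents are assumptions constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the temp file as the quoted mail describes (O_CREAT|O_TRUNC);
 * extra_flags lets the caller add O_NOFOLLOW. */
static int open_tmp(const char *tmp, int extra_flags)
{
    return open(tmp, O_WRONLY | O_CREAT | O_TRUNC | extra_flags, 0600);
}

/* Inside a private mkdtemp() directory, put a symlink at the temp name
 * after the unlink. Returns errno from open (0 = opened, -1 = setup
 * failure); *target_size receives the link target's size afterwards. */
static int simulate(int extra_flags, off_t *target_size)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX";  /* constructed sandbox */
    char target[64], tmp[64];
    struct stat st;
    int fd, err = 0;

    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmp, sizeof tmp, "%s/somefile.tmp", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "precious\n", 9) != 9) return -1;
    close(fd);

    unlink(tmp);                               /* writer's first step */
    if (symlink(target, tmp) != 0) return -1;  /* link present at open time */
    fd = open_tmp(tmp, extra_flags);
    if (fd < 0) err = errno; else close(fd);

    if (stat(target, &st) != 0) return -1;
    *target_size = st.st_size;
    unlink(tmp); unlink(target); rmdir(dir);
    return err;
}

int main(void)
{
    off_t a = 0, b = 0;
    int plain = simulate(0, &a), safe = simulate(O_NOFOLLOW, &b);
    printf("plain: errno=%d size=%ld | O_NOFOLLOW: errno=%d size=%ld\n", plain, (long)a, safe, (long)b);
    return 0;
}
```

On Linux the open with O_NOFOLLOW fails with ELOOP and the link target keeps its contents, while the plain open truncates it. O_NOFOLLOW checks only the final path component, so symlinks in parent directories are still followed.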