On 2008 Nov 24, at 10:36, dpuu wrote:
> On Nov 23, 3:56 pm, [EMAIL PROTECTED] (Brandon S. Allbery KF8NH)
> wrote:
> > I think you're seeing something other than what we are. Checking any
> > external resource before operating on it introduces a race condition
> > which can allow an attacker to swap resources on you, so the item you
> > (in this case) chown() isn't the one you tested.
> If the "chown" is restricted then it's going to fail anyway, assuming
> that the underlying Unix function fails. If "chown" can succeed
> incorrectly then there's nothing that P6 can do to prevent that. My
Still misunderstanding, I think. Yes, it will fail anyway, but in the
general case you're checking to see if as a privileged process it is
safe to operate on a given file. In such case the correct thing to do
is relinquish privilege and then simply do the operation, trapping any
error --- not testing and then doing it.
(I grant this isn't quite the same thing --- unless you're trying to
decide if your root process should chown() a file on behalf of an
unprivileged process.)
--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] [EMAIL PROTECTED]
system administrator [openafs,heimdal,too many hats] [EMAIL PROTECTED]
electrical and computer engineering, carnegie mellon university KF8NH
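The check-then-act race and the act-and-trap alternative described in the reply, as an added illustration in Python (not the poster's Perl 6 code). It assumes a POSIX system; the privilege-drop step is a permitted no-op when the caller is already an ordinary user.

```python
import errno
import os
import tempfile


def chown_check_then_act(path: str, uid: int, gid: int) -> bool:
    """Racy pattern: test the name, then operate on the name a second time."""
    if os.path.islink(path):  # the "check"
        return False
    # The name may be re-pointed (rename, symlink) between the test and the
    # chown(), so the object that gets chown()ed need not be the one tested.
    os.chown(path, uid, gid)
    return True


def drop_privileges(uid: int, gid: int) -> None:
    """Relinquish privilege first and let the kernel enforce the policy."""
    os.setgid(gid)  # group first, while we still hold the uid allowed to set it
    os.setuid(uid)  # for an ordinary user this is a permitted no-op


def chown_and_trap(path: str, uid: int, gid: int) -> tuple[bool, str]:
    """Just do the operation and trap the error, as the reply recommends.

    Open once (refusing to follow a symlink) and fchown() that descriptor, so
    the object the kernel checks is the object it changes.
    """
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
        try:
            os.fchown(fd, uid, gid)  # kernel decides: EPERM if not permitted
        finally:
            os.close(fd)
    except OSError as e:
        return False, errno.errorcode.get(e.errno, "?")
    return True, "OK"


def demo() -> dict:
    """Run both patterns on a constructed temp file and on a missing path."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "target")
        open(path, "w").close()  # constructed empty file owned by us
        st = os.lstat(path)
        drop_privileges(os.getuid(), os.getgid())
        return {
            "racy": chown_check_then_act(path, st.st_uid, st.st_gid),
            "trapped": chown_and_trap(path, st.st_uid, st.st_gid),
            "missing": chown_and_trap(path + ".missing", st.st_uid, st.st_gid),
        }
```

Re-chowning a file to its current owner and group is allowed for an unprivileged user, which is what lets the demo run without root; a real EPERM surfaces as `(False, "EPERM")` instead of an exception.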