Re: [PATCH] The check of !S_ISDIR(sb.st_mode) in second time is wrong since it's already known to be false at that point.

Dmitri Paduchikh Sun, 18 Jan 2015 12:13:23 -0800

Hello,

I am afraid that my first message wasn't clear. Not from first look at
least. Sorry about that. Let me elaborate, I think it is probably a
security bug. makesocketpath() checks !S_ISDIR(sb.st_mode); when true it
returns with error. But then it checks !S_ISDIR(sb.st_mode) in second
time and it is definitely false at this point:


if (sb.st_uid != uid || (!S_ISDIR(sb.st_mode) &&
                sb.st_mode & (S_IRWXG|S_IRWXO)) != 0) {
                errno = EACCES;
                return (NULL);
        }

Being false it effectively disables the permission check. Hence, for
example, world-writable directory will pass.

------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
tmux-users mailing list
tmux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tmux-users

Re: [PATCH] The check of !S_ISDIR(sb.st_mode) in second time is wrong since it's already known to be false at that point.

Reply via email to