My point isn't so much that there is a race, or a sec vuln or something. My point is that on my systems:
$HOME may be on NFS. $HOME/.xsession-errors is a symlink to /usr/local/home/$USER/.xsession-errors $HOME/.xsession-errors.old is a symlink to /usr/local/home/$USER/.xsession-errors.old The obvious think is to just call readlink on logfile to canonicalize the filename. The readlink manpage specifies a way to do this 'sort of' safely. lstat(path) # to get the size of the symlink dest. allocate string of correct size. readlink(path) Check that the path we got from readlink was size bytes. Now obviously the link can be replaced (at readlink()) time, but readlink would return EINVAL then. Once we have the 'canonical' name we can call rename on that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1108518 Title: lightdm should not rename() .xsession-errors, as it may be a symlink To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1108518/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
