From: Michael R. <re...@eu...> - 2004-05-25 20:08:33
Hi there,

I want lcd4linux not to contain any potential security holes. As we don't have any networking, no client-server-model, no other fancy stuff, this risk is quite low. But lcd4linux is running as root, and therefore potentially dangerous.

I'm worrying about a symlink security hole: The Image driver (was: Raster) creates files, without checking if they exist. If a user places a symlink, he may use lcd4linux to overwrite arbitrary files. Which I consider not to be nice.

The output file of the raster driver is passed with the '-o path/file' option. To ensure that a potential reader always gets a complete file, the image is first written to a temp file, which will be rename(2)'ed afterwards.

I see two problems here:

1. the temp file is opened with O_CREAT. If a symlink is already present, its target will be overwritten. Some security HOWTOs say one should use O_CREAT|O_EXCL, which means that the call will fail if the file already exists. OTOH, the open(2) man page states that this doesn't work over NFS :-(

2. the rename() will overwrite a symlink, too.

Anybody out there with the experience how to solve such issues? I didn't find too much documentation out there, especially not for exactly the cases we're dealing with here.

thanks, Michael

--
Michael Reinelt          Tel: +43 676 3079941
Geisslergasse 4          Fax: +43 316 692343
A-8045 Graz, Austria     e-mail: re...@eu...
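The temp-file-then-rename step described in the post, written so that a symlink planted at either the temp name or the final name is refused instead of followed. This is an added example, not lcd4linux's own driver code; the function name `write_image_safely` and the `.tmp.<pid>` naming are assumptions, and it assumes a local (non-NFS) filesystem and an O_NOFOLLOW-capable open(2).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write `len` bytes to `final_path` via a temp file. Returns 0 on success,
 * -1 with errno set on failure (the temp file is removed on failure).
 * Assumes a local filesystem: the post notes O_EXCL is unreliable over NFS. */
int write_image_safely(const char *final_path, const void *data, size_t len)
{
    char tmp_path[4096];
    const char *p = data;
    struct stat st;
    int fd = -1, saved;
    if (snprintf(tmp_path, sizeof tmp_path, "%s.tmp.%ld", final_path,
                 (long)getpid()) >= (int)sizeof tmp_path) {
        errno = ENAMETOOLONG; return -1;
    }
    /* O_EXCL: fail if anything, including a symlink, already has this name.
     * O_NOFOLLOW: additionally never follow a symlink at the last component. */
    fd = open(tmp_path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) {
            if (errno == EINTR) continue;
            goto fail;
        }
        p += n;
        len -= (size_t)n;
    }
    if (close(fd) < 0) { fd = -1; goto fail; }
    fd = -1;
    /* lstat does not follow links: refuse to rename over a planted symlink
     * (this check-then-rename still leaves a small race window). */
    if (lstat(final_path, &st) == 0 && !S_ISREG(st.st_mode)) {
        errno = EEXIST; goto fail;
    }
    if (rename(tmp_path, final_path) == 0) return 0;
fail:
    saved = errno;
    if (fd >= 0) close(fd);
    unlink(tmp_path);
    errno = saved;
    return -1;
}
```

The lstat check before rename narrows the window but does not close it; running the writer as an unprivileged user, or in a directory only that user can write, is the stronger mitigation for a root daemon.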