Menu
▾
▴
Re: [Lcd4linux-devel] make lcd4linux secure!
|
From: Xavier V. <xav...@fr...> - 2004-05-26 11:02:51
|
> Hello Michael !
> > Maybe you should do it like I did in plugin_i2c_sensors to check we have
> > a directory :
> > it did "if ((dir->d_type!=DT_DIR && dir->d_type!=DT_LNK)" to check if
> > it's a dir or a symlink. You should check if it isN'T a symlink but a
> > true file. I don't know how to get this d_type for a special file, I did
> > it with readdir.
>
> Yes, that's easy, but contains a race conditions:
>
> if (file exists and/or is a symlink) {
> unlink (file)
> }
> open (file, O_CREAT)
>
> This one looks clean, doesn't it? But there's a small window just before
> the open() call, where a hacker could create the symlink, and it's
> contents would be overwritten by lcd4linux.
> You absolutely _have to_ use atomic operations here.
Or you should do
if(file is a symlink) {
error and quit
}
before writing to the file. So, there's no problem anymore. Moreover, I
don't think the user is able to create a symlink within the small delay
between the if and the open.
Bye !
--
Xavier VELLO <xav...@fr...>
|
