From: Michael R. <re...@eu...> - 2004-05-26 12:15:07
Hi,

>> Yes, that's easy, but contains a race condition:
>>
>> if (file exists and/or is a symlink) {
>>     unlink (file)
>> }
>> open (file, O_CREAT)
>>
>> This one looks clean, doesn't it? But there's a small window just before
>> the open() call, where a hacker could create the symlink, and its
>> contents would be overwritten by lcd4linux.
>> You absolutely _have to_ use atomic operations here.
>
> Or you should do
>
> if(file is a symlink) {
>     error and quit
> }
>
> before writing to the file. So, there's no problem anymore.

Well, this may be a clean solution. BUT the same race condition is here:

if(file is a symlink) {
    error and quit
}
/* possible race condition here */
open (file, O_CREAT)

> Moreover, I
> don't think the user is able to create a symlink within the small delay
> between the if and the open.

Believe me, he is. He could try to do that in a loop, creating some thousands of symlinks a second. Then he just has to wait...

Your approach is one of the reasons for at least some of the security holes out there.

http://en.tldp.org/HOWTO/Secure-Programs-HOWTO/avoid-race.html

bye, Michael

--
Michael Reinelt                      Tel: +43 676 3079941
Geisslergasse 4                      Fax: +43 316 692343
A-8045 Graz, Austria                 e-mail: re...@eu...
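The following is an added example, not code from the thread or from lcd4linux. It replays in C the race Michael describes: the program does the "is it a symlink?" check, an attacker (modelled here by a function called in the window between the check and the open) plants a symlink, and the plain open(O_CREAT) then follows it and overwrites the attacker's chosen target. The same run with O_NOFOLLOW, which makes the single open() call refuse a trailing symlink so that check and open become one atomic step, leaves the target untouched. The temporary directory, file names, contents and the O_NOFOLLOW fix are assumptions of the example, not something the thread states.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not lcd4linux code. It replays the race from the thread:
 * the program checks "is it a symlink?", the attacker plants a symlink in
 * the window, and a plain open(O_CREAT) then follows it and overwrites the
 * attacker's chosen target. The fix shown is O_NOFOLLOW, which makes the
 * single open() call refuse a trailing symlink, so check and open are one
 * atomic step (add O_EXCL if the file must not exist at all). The paths
 * and file contents below are assumptions of the example. */

#define VICTIM_DATA "precious victim data\n"
#define PAYLOAD     "output written by the program\n"

/* errno of the last open() attempt (0 if it succeeded) */
int g_last_open_errno = 0;

/* The "check" half of the check-then-open pattern. */
static int is_symlink(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 && S_ISLNK(st.st_mode);
}

/* What the attacker does inside the race window. */
static int attacker_plant_symlink(const char *path, const char *target)
{
    unlink(path);                   /* may not exist yet; that is fine */
    return symlink(target, path);
}

static int write_file(const char *path, const char *data)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(data, f);
    return fclose(f);
}

/* Run one race. Returns 1 if the victim file was overwritten, 0 if it
 * survived, -1 if the temporary directory could not be set up. */
static int run_one(int use_nofollow)
{
    char dir[] = "/tmp/lcd4linux-race-XXXXXX";
    char out[256], victim[256], buf[128];
    int flags, fd, clobbered = -1;
    FILE *f;

    if (!mkdtemp(dir)) return -1;
    snprintf(out, sizeof out, "%s/lcd4linux.out", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);

    /* 1. the check: nothing is there yet, so it is not a symlink */
    if (write_file(victim, VICTIM_DATA) == 0 && !is_symlink(out)) {
        /* 2. race window: the attacker wins it */
        if (attacker_plant_symlink(out, victim) == 0) {
            /* 3. open(): the racy flags follow the symlink; with
             *    O_NOFOLLOW the kernel fails the call with ELOOP */
            flags = O_WRONLY | O_CREAT | O_TRUNC;
            if (use_nofollow)
                flags |= O_NOFOLLOW;
            fd = open(out, flags, 0600);
            g_last_open_errno = (fd < 0) ? errno : 0;
            if (fd >= 0) {
                ssize_t n = write(fd, PAYLOAD, strlen(PAYLOAD));
                (void)n;
                close(fd);
            }
            /* 4. did the victim survive? */
            buf[0] = '\0';
            if ((f = fopen(victim, "r")) != NULL) {
                if (!fgets(buf, sizeof buf, f))
                    buf[0] = '\0';
                fclose(f);
                clobbered = strcmp(buf, VICTIM_DATA) != 0;
            }
        }
    }
    unlink(out);        /* removes the symlink itself, not its target */
    unlink(victim);
    rmdir(dir);
    return clobbered;
}

/* check-then-open, as proposed in the thread: the attacker wins */
int racy_check_then_open_clobbers(void) { return run_one(0); }

/* one open() with O_NOFOLLOW: the attacker loses, open() sets ELOOP */
int atomic_nofollow_open_clobbers(void) { return run_one(1); }

int main(void)
{
    printf("check-then-open : victim clobbered = %d\n",
           racy_check_then_open_clobbers());
    printf("O_NOFOLLOW open : victim clobbered = %d (open: %s)\n",
           atomic_nofollow_open_clobbers(), strerror(g_last_open_errno));
    return 0;
}
```

The attacker's loop from the message is collapsed into a single call placed exactly in the window, which is what a loop creating thousands of symlinks per second eventually achieves. Note that O_NOFOLLOW only protects the last path component; if an attacker controls a directory earlier in the path, the remaining defence is to open each component step by step (openat with O_NOFOLLOW on directory descriptors) or to write only into directories the attacker cannot modify.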