Re: Xinetd /tmp race?

From: Pavel Kankovsky (peakat_private)
Date: Fri Nov 13 1998 - 15:12:53 PST


    On Fri, 13 Nov 1998, Marc Heuse wrote:
    
    > +       dump_fd = open( dump_file, O_WRONLY + O_CREAT + O_EXCL, DUMP_FILE_MODE ) ;
    > +       if ( dump_fd == -1 )
    > +       {
    > +               if ( lstat( dump_file, &stat) != 0)
    > +               {
    > +                       msg( LOG_ERR, func, "failed to open %s: %m", dump_file ) ;
    > +                       return ;
    > +               }
    > +               if (stat.st_uid != getuid())
    > +               {
    > +                       msg( LOG_ERR, func, "security: I'm not owning %s: %m", dump_file ) ;
    > +                       return ;
    > +               }
    > +               dump_fd = open( dump_file, O_WRONLY + O_APPEND) ;
    > +       }
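    Review bot: In the fallback branch, lstat( dump_file, &stat) and the later open( dump_file, O_WRONLY + O_APPEND) resolve the path in two separate lookups, so the file that was checked is not guaranteed to be the file that gets opened. The st_uid comparison on its own also accepts any existing file owned by the process's uid, including one reached through a hard link, because neither the file type nor st_nlink is examined. Suggest opening first and validating the descriptor with fstat() (regular file, st_nlink == 1, expected owner), or not reusing a pre-existing name at all. Smaller points: the result of the second open() is not checked within this hunk, the "I'm not owning" message prints %m although no call has failed at that point, and the open flags should be combined with | rather than +.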
    
    ln /etc/passwd /tmp/whatever_the_filename_was
    
    I wonder whether my first message, suggesting creating a file under a
    randomized filename (with mkstemp() for instance) and renaming it (which
    should be safer), ended up in Aleph1's /dev/null ;)
    
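       /* template must end in XXXXXX; mkstemp() fills it in and creates the file exclusively */
       strcpy(tmp_filename, "/path/blahXXXXXX");
       dump_fd = mkstemp(tmp_filename);
       if (dump_fd != -1) {
         /* rename() replaces whatever entry currently sits at real_filename */
         if (rename(tmp_filename, real_filename) == -1) {
           /* preserve the rename() error across the cleanup calls */
           save_errno = errno;
           close(dump_fd);  dump_fd = -1;
           unlink(tmp_filename);
           errno = save_errno;
         }
       }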
    
    (of course, one must be careful not to introduce a buffer overrun
    during tmp_filename construction)
    
    --Pavel Kankovsky aka Peak  [ Boycott Czech Telecom--http://www.bojkot.cz ]
    "SPT Telecom... now we are making tomorrow more expensive!" [ Engl. lang. info-- .../english/ ]
    
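Added example, not part of the original message or of xinetd: the mkstemp()-then-rename() approach suggested above, in C, with bounded construction of the template, run against a constructed case where the target name already exists as a hard link to another file. The function names, the `mode` parameter and the `/tmp/dumpdemoXXXXXX` directory are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not xinetd code: create the file under a random name,
 * then rename() it onto dir/name. rename() replaces the directory entry, so a
 * link already present at dir/name is dropped, never opened. Returns fd or -1. */
int open_dump_file(const char *dir, const char *name, mode_t mode)
{
    char tmp[4096], dst[4096];
    int n, fd, saved;
    /* Bounded path construction: treat truncation as an error. */
    n = snprintf(tmp, sizeof tmp, "%s/.%s.XXXXXX", dir, name);
    if (n < 0 || (size_t)n >= sizeof tmp) { errno = ENAMETOOLONG; return -1; }
    n = snprintf(dst, sizeof dst, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof dst) { errno = ENAMETOOLONG; return -1; }
    fd = mkstemp(tmp);      /* exclusive create under an unpredictable name */
    if (fd == -1) return -1;
    if (fchmod(fd, mode) == -1 || rename(tmp, dst) == -1) {
        saved = errno;      /* keep the real error across cleanup */
        close(fd);
        unlink(tmp);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Constructed scenario: dir/dump starts out as a hard link to dir/victim.
 * Returns 1 if victim is unchanged after the dump is written, -1 on error. */
int victim_untouched(void)
{
    char dir[] = "/tmp/dumpdemoXXXXXX", victim[64], dump[64];
    struct stat st;
    int fd, ok;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(dump, sizeof dump, "%s/dump", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1 || write(fd, "keep", 4) != 4 || close(fd) || link(victim, dump)) return -1;
    fd = open_dump_file(dir, "dump", 0644);
    if (fd == -1 || write(fd, "dump data\n", 10) != 10 || close(fd)) return -1;
    ok = stat(victim, &st) == 0 && st.st_size == 4 && st.st_nlink == 1;
    unlink(victim); unlink(dump); rmdir(dir);
    return ok;
}
int main(void) { return victim_untouched() == 1 ? 0 : 1; }
```

Unlike the O_APPEND fallback in the quoted patch, this replaces any earlier dump instead of appending to it. The temporary name is created in the same directory as the target so that rename() stays within one filesystem.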



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:14 PDT