On Fri, 13 Nov 1998, Marc Heuse wrote:

> + dump_fd = open( dump_file, O_WRONLY + O_CREAT + O_EXCL, DUMP_FILE_MODE ) ; > + if ( dump_fd == -1 ) > + { > + if ( lstat( dump_file, &stat) != 0) > + { > + msg( LOG_ERR, func, "failed to open %s: %m", dump_file ) ; > + return ; > + } > + if (stat.st_uid != getuid()) > + { > + msg( LOG_ERR, func, "security: I'm not owning %s: %m", dump_file ) ; > + return ; > + } > + dump_fd = open( dump_file, O_WRONLY + O_APPEND) ; > + }

ln /etc/passwd /tmp/whatever_the_filename_was

I wonder whether my first message suggesting to create a file under a
randomized filename (with mkstemp() for instance) and rename (which should
be safer) ended up in Aleph1's /dev/null ;)

    /* create the file under a random, not-yet-existing name */
    strcpy(tmp_filename, "/path/blahXXXXXX");
    dump_fd = mkstemp(tmp_filename);
    if (dump_fd != -1) {
        /* move it onto the real name; this replaces whatever is there */
        if (rename(tmp_filename, real_filename) == -1) {
            save_errno = errno;     /* keep the rename() error for the caller */
            close(dump_fd);
            dump_fd = -1;
            unlink(tmp_filename);
            errno = save_errno;
        }
    }

(of course, one must be careful not to introduce a buffer overrun during
tmp_filename construction)

--Pavel Kankovsky aka Peak  [ Boycott Czech Telecom--http://www.bojkot.cz ]
"spt Telecom... now we're raising the price of tomorrow!"  [ Engl. lang. info-- .../english/ ]
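
Review bot: the fallback branch that runs after the O_EXCL open fails checks the name with lstat() and then reopens the same name with a second open( dump_file, O_WRONLY + O_APPEND), so the object that was checked and the object that gets appended to are connected only by the pathname and can differ if the name is swapped between the two calls. The only property tested is stat.st_uid != getuid(); st_mode and st_nlink are never examined, so a pre-existing hard link to a file this process already owns passes the check and is appended to, which is the case the ln line in the reply points at. Suggest opening first and calling fstat() on dump_fd to verify a regular file with st_nlink == 1 and the expected owner, or dropping the append path in favour of creating under a fresh name and rename(). Smaller points: the "security: I'm not owning %s: %m" message prints %m although lstat() succeeded at that point, so the errno text is stale; naming the struct variable stat shadows stat(); and the open flags are combined with + where | is the convention.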