Marc Heuse wrote:

> But now let's get to the "fix" proposed by some guys about checking the
> device number and inode number before opening the file (lstat) and
> afterwards (fstat).

OK, it should be open(), lstat(), fstat().

This approach isn't necessary in this particular case, as you are checking the ownership, and the file is in a directory which (hopefully) has the sticky bit set. However, if this test isn't reliable (e.g. when you're creating a file in a user's home directory), then you need the lstat/fstat test.

If you perform the lstat() after the file is opened, you can guarantee that the target hasn't been removed and re-created with the same inode number, as the inode can't be re-used while it is open. Comparing the st_dev/st_ino pair with the results from fstat() ensures that the lstat() really does refer to the file which you have opened.

The one case for which I don't know of a solution (and there may not be one), is if a user creates a symlink to a device file or FIFO. In this case, simply open()ing the target can cause undesired effects.

--
Glynn Clements <glynnat_private>
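The open(), lstat(), fstat() sequence described in the reply above, as an added example that is not part of the original message. The function name `open_verified`, the `demo` helper and the temporary paths under /tmp are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open path, then verify that the name still refers to the object we opened.
 * Returns an open fd on success, -1 if open() or the comparison fails. */
int open_verified(const char *path, int flags)
{
    struct stat by_name, by_fd;
    int fd = open(path, flags);
    if (fd < 0)
        return -1;

    /* lstat() after open(): the inode of the open file cannot be re-used
     * while fd is held, so a matching pair cannot come from a file that
     * was removed and re-created in between. lstat() does not follow
     * symlinks, so a symlink at path yields the link's own inode. */
    if (lstat(path, &by_name) != 0 || fstat(fd, &by_fd) != 0 ||
        by_name.st_dev != by_fd.st_dev || by_name.st_ino != by_fd.st_ino) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: a regular file passes, a symlink to it is rejected.
 * Returns 1 if both outcomes are as expected, 0 otherwise. */
int demo(void)
{
    char dir[] = "/tmp/openchk.XXXXXX";
    char file[64], alias[64];
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(alias, sizeof alias, "%s/alias", dir);
    int fd = open(file, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0) return 0;
    close(fd);
    if (symlink(file, alias) != 0) return 0;
    int direct = open_verified(file, O_RDONLY);
    int via_link = open_verified(alias, O_RDONLY);
    int ok = (direct >= 0 && via_link == -1);
    if (direct >= 0) close(direct);
    unlink(alias); unlink(file); rmdir(dir);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```

The comparison runs only after open() has returned, so it does not cover the device-file or FIFO case raised at the end of the message.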
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:40 PDT