[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Safe file update library ready (sort of)


Dne Mon, 03 Jan 2011 15:56:44 +0200
Shachar Shemesh <shachar@debian.org> napsal(a):

> In essence, it is impossible, as far as I know (patches welcome) to 
> avoid a race when symlinks are involved (with specific exceptions). The 
> assumption is, and has always been, that the directory resides inside a 
> location that is secure from attacks.
> In this particular case, for example, you don't need this race at all. 
> Simply do "ln -s /etc/passwd somefile" and ask root to write to 
> somefile, with or without safewrite. That would work equally well, and 
> does not require to race with anything.
> You might be wondering, if that is the case, why I'm unlinking 
> somefile.tmp before opening it with O_CREAT|O_TRUNC. The reason is that 
> it might have permissions (say, from a previous run that failed - 
> unlikely, but not impossible) that prevent proper functioning. It has 
> nothing to do with permissions.

I think what you are missing is (at least) O_NOFOLLOW.

	Michal Čihař | http://cihar.com | http://blog.cihar.com

Attachment: signature.asc
Description: PGP signature

Reply to: