Hi Dne Mon, 03 Jan 2011 15:56:44 +0200 Shachar Shemesh <shachar@debian.org> napsal(a): > In essence, it is impossible, as far as I know (patches welcome) to > avoid a race when symlinks are involved (with specific exceptions). The > assumption is, and has always been, that the directory resides inside a > location that is secure from attacks. > > In this particular case, for example, you don't need this race at all. > Simply do "ln -s /etc/passwd somefile" and ask root to write to > somefile, with or without safewrite. That would work equally well, and > does not require to race with anything. > > You might be wondering, if that is the case, why I'm unlinking > somefile.tmp before opening it with O_CREAT|O_TRUNC. The reason is that > it might have permissions (say, from a previous run that failed - > unlikely, but not impossible) that prevent proper functioning. It has > nothing to do with permissions. I think what you are missing is (at least) O_NOFOLLOW. -- Michal Čihař | http://cihar.com | http://blog.cihar.com
Attachment:
signature.asc
Description: PGP signature