[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#12947: address@hidden: Bug#598018: install: temporary insecure file
From: |
Bernhard Voelker |
Subject: |
bug#12947: address@hidden: Bug#598018: install: temporary insecure file permissions] |
Date: |
Wed, 21 Nov 2012 11:27:24 +0100 (CET) |
On November 21, 2012 at 3:12 AM Paul Eggert <address@hidden> wrote:
> I pushed this [...]
This is more of a question, and I may be wrong,
but isn't here still a race afterwards?
execve("src/ginstall", ["src/ginstall", "-g", "video", "-m",
"664", "src/ginstall", "/tmp/g"], ...) = 0
...
stat("src/ginstall", {st_dev=makedev(8, 16), st_ino=134447,
st_mode=S_IFREG|0755, st_nlink=1,
st_uid=1000, st_gid=100, ...}) = 0
lstat("/tmp/g", 0x7fff6458b750) = -1 ENOENT (No such file or
directory)
open("src/ginstall", O_RDONLY) = 3
fstat(3, {st_dev=makedev(8, 16), st_ino=134447,
st_mode=S_IFREG|0755, st_nlink=1,
st_uid=1000, st_gid=100, ...}) = 0
open("/tmp/g", O_WRONLY|O_CREAT|O_EXCL, 0600) = 4
fstat(4, {st_dev=makedev(8, 2), st_ino=18846,
st_mode=S_IFREG|0600, st_nlink=1,
st_uid=1000, st_gid=100, ...}) = 0
fadvise64(3, 0, 0, POSIX_FADV_SEQUENTIAL) = 0
read(3, ..., 65536) = 65536
write(4, ..., 65536) = 65536
...
fchmod(4, 0600) = 0
close(4) = 0
close(3) = 0
<== ... race? ... ==>
lchown("/tmp/g", 4294967295, 33) = 0
chmod("/tmp/g", 0664) = 0
I.e., after closing FDs 4 and 3, the file "/tmp/g" could
have been replaced. Why aren't we using fchown and
fchmod_or_lchmod before the close() call?
Have a nice day,
Berny