Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Thu, 12 Nov 1998 11:09:07 -0100
From: =?iso-8859-1?Q?Jes=FAs?= Cea =?iso-8859-1?Q?Avi=F3n?= <jcea@ARGO.ES>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: Xinetd /tmp race?

> BTW here's the patch:
[...]
> +       if (!(stat(dump_file,
[...]
>         dump_fd = open( dump_file, O_WRONLY + O_CREAT + O_APPEND,

Your patch is vulnerable to race attack. A script issuing "kill -HUP"
and creating links in "/tmp" will succeed in the long run.

Try open with O_CREAT|O_EXCL or lstat+open+fstat.

--
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
jcea@argo.es http://www.argo.es/~jcea/ _/_/    _/_/  _/_/    _/_/  _/_/
                                      _/_/    _/_/          _/_/_/_/_/
PGP Key Available at KeyServ   _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibnitz

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: