bug-glibc
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential security bug in fopen()


From: Michael Sweet
Subject: Re: Potential security bug in fopen()
Date: Wed, 07 Feb 2001 18:41:22 -0500

Ulrich Drepper wrote:
> 
> Michael Sweet <address@hidden> writes:
> 
> > Hmm, then why does a strace of a program that calls fopen() show
> > an unlink system call before the open?
> 
> I don't know your code.

Here is the basic code that was being used:

    FILE *fp;
    int fd;


    fd = open("/tmp/filename", O_CREAT | O_TRUNC | O_EXCL, 0600);
    close(fd);

    ...

    fp = fopen("/tmp/filename", "w");

The bug report we got indicated that an strace of the code showed:

    open
    close
    unlink
    open

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  address@hidden
Printing Software for UNIX                       http://www.easysw.com



reply via email to

[Prev in Thread] Current Thread [Next in Thread]