[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Potential security bug in fopen()
From: |
Michael Sweet |
Subject: |
Re: Potential security bug in fopen() |
Date: |
Wed, 07 Feb 2001 18:41:22 -0500 |
Ulrich Drepper wrote:
>
> Michael Sweet <address@hidden> writes:
>
> > Hmm, then why does a strace of a program that calls fopen() show
> > an unlink system call before the open?
>
> I don't know your code.
Here is the basic code that was being used:
FILE *fp;
int fd;
fd = open("/tmp/filename", O_CREAT | O_TRUNC | O_EXCL, 0600);
close(fd);
...
fp = fopen("/tmp/filename", "w");
The bug report we got indicated that an strace of the code showed:
open
close
unlink
open
--
______________________________________________________________________
Michael Sweet, Easy Software Products address@hidden
Printing Software for UNIX http://www.easysw.com