[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#11108: [PATCH] chmod: fix symlink race condition
|
From: |
Paul Eggert |
|
Subject: |
bug#11108: [PATCH] chmod: fix symlink race condition |
|
Date: |
Wed, 28 Mar 2012 11:11:29 -0700 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:10.0.1) Gecko/20120209 Thunderbird/10.0.1 |
On 03/28/2012 12:36 AM, Jim Meyering wrote:
> I presume you'll update NEWS, too, where you can say
> [bug introduced in the beginning]
Thanks, good point. I did that in the version I just committed
to the master.
> I note also that this doesn't protect anyone who is using
> a system that lacks both fchmodat and lchmod.
Right; I put that in the NEWS entry.
There are still problems, in the sense that the attacker
can use a hard link to target any visible file on the same filesystem,
by using hard links; but this problem is unavoidable.
> we'd have to openat each file to get a file descriptor,
> then fstat that FD to verify it's the same dev/ino as
> found by the fts-run stat call, and only then, call fchmod.
This might be useful to close other (more-subtle) races
involving things like hard-link manipulation and chmod +X,
where the new mode depends on the old. A general problem
with using 'open' for this sort of thing, though,
is that 'open' can have side effects on devices. I wish
there was a variant of 'open' guaranteed to never
hang and never have side effects; then we could play this
sort of game more reliably.