[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Potential security bug in fopen()

From: Michael Sweet
Subject: Potential security bug in fopen()
Date: Wed, 07 Feb 2001 17:13:52 -0500


I've had several reports of a potential symlink attack on some code
in CUPS; upon further investigation, it appears that fopen() is
unlink'ing the named file when the open mode is "w".

This opens up the possibility of a symlink attack if a symlink is
introduced after the unlink() but prior to the open().  In addition,
fopen() should fail if an existing file is owned by another user
(the current code will bypass this security)

Michael Sweet, Easy Software Products                  address@hidden
Printing Software for UNIX                       http://www.easysw.com

reply via email to

[Prev in Thread] Current Thread [Next in Thread]