[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential security bug in fopen()

From: Michael Sweet
Subject: Re: Potential security bug in fopen()
Date: Wed, 07 Feb 2001 17:47:06 -0500

Ulrich Drepper wrote:
> Michael Sweet <address@hidden> writes:
> > I've had several reports of a potential symlink attack on some code
> > in CUPS; upon further investigation, it appears that fopen() is
> > unlink'ing the named file when the open mode is "w".
> fopen does nothing like this.

Hmm, then why does a strace of a program that calls fopen() show
an unlink system call before the open?

Michael Sweet, Easy Software Products                  address@hidden
Printing Software for UNIX                       http://www.easysw.com

reply via email to

[Prev in Thread] Current Thread [Next in Thread]