[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Potential security bug in fopen()
From: |
Michael Sweet |
Subject: |
Re: Potential security bug in fopen() |
Date: |
Wed, 07 Feb 2001 17:47:06 -0500 |
Ulrich Drepper wrote:
>
> Michael Sweet <address@hidden> writes:
>
> > I've had several reports of a potential symlink attack on some code
> > in CUPS; upon further investigation, it appears that fopen() is
> > unlink'ing the named file when the open mode is "w".
>
> fopen does nothing like this.
Hmm, then why does a strace of a program that calls fopen() show
an unlink system call before the open?
--
______________________________________________________________________
Michael Sweet, Easy Software Products address@hidden
Printing Software for UNIX http://www.easysw.com