Re: Potential security bug in fopen()

bug-glibc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential security bug in fopen()

From:	Michael Sweet
Subject:	Re: Potential security bug in fopen()
Date:	Wed, 07 Feb 2001 17:47:06 -0500

Ulrich Drepper wrote:
> 
> Michael Sweet <address@hidden> writes:
> 
> > I've had several reports of a potential symlink attack on some code
> > in CUPS; upon further investigation, it appears that fopen() is
> > unlink'ing the named file when the open mode is "w".
> 
> fopen does nothing like this.

Hmm, then why does a strace of a program that calls fopen() show
an unlink system call before the open?

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  address@hidden
Printing Software for UNIX                       http://www.easysw.com

[Prev in Thread]

Current Thread

[Next in Thread]

Potential security bug in fopen(), Michael Sweet, 2001/02/07
- Re: Potential security bug in fopen(), Ulrich Drepper, 2001/02/07
  - Re: Potential security bug in fopen(), Michael Sweet <=
    - Re: Potential security bug in fopen(), Ulrich Drepper, 2001/02/07
    - Re: Potential security bug in fopen(), Michael Sweet, 2001/02/07
    - Re: Potential security bug in fopen(), Andreas Jaeger, 2001/02/08
    - Re: Potential security bug in fopen(), Michael Sweet, 2001/02/08
    - Re: Potential security bug in fopen(), Wolfram Gloger, 2001/02/08
    - Re: Potential security bug in fopen(), Michael Sweet, 2001/02/08
    - Re: Potential security bug in fopen(), Michael Sweet, 2001/02/08

Prev by Date: Porting C library
Next by Date: Re: Potential security bug in fopen()
Previous by thread: Re: Potential security bug in fopen()
Next by thread: Re: Potential security bug in fopen()
Index(es):
- Date
- Thread