Re: Potential security bug in fopen()

bug-glibc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential security bug in fopen()

From:	Wolfram Gloger
Subject:	Re: Potential security bug in fopen()
Date:	Thu, 8 Feb 2001 10:31:54 +0100 ("MET)

Hello,

> Here is the basic code that was being used:

I created this test:

#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>

int main()
{
    FILE *fp;
    int fd;

    fd = open("/tmp/filename", O_CREAT | O_TRUNC | O_EXCL, 0600);
    close(fd);

    fp = fopen("/tmp/filename", "w");
    fclose(fp);
    return 0;
}

> The bug report we got indicated that an strace of the code showed:
> 
>     open
>     close
>     unlink
>     open

I tried this on an i586 glibc-2.1.3 system and got definitely _no_
unlink.

Regards,
Wolfram.

[Prev in Thread]

Current Thread

[Next in Thread]

Potential security bug in fopen(), Michael Sweet, 2001/02/07
- Re: Potential security bug in fopen(), Ulrich Drepper, 2001/02/07
  - Re: Potential security bug in fopen(), Michael Sweet, 2001/02/07
    - Re: Potential security bug in fopen(), Ulrich Drepper, 2001/02/07
    - Re: Potential security bug in fopen(), Michael Sweet, 2001/02/07
    - Re: Potential security bug in fopen(), Andreas Jaeger, 2001/02/08
    - Re: Potential security bug in fopen(), Michael Sweet, 2001/02/08
    - Re: Potential security bug in fopen(), Wolfram Gloger <=
    - Re: Potential security bug in fopen(), Michael Sweet, 2001/02/08
    - Re: Potential security bug in fopen(), Michael Sweet, 2001/02/08

Prev by Date: Your opinion about a patch for GNU gettext
Next by Date: Compiling GLIBC-2.2.1
Previous by thread: Re: Potential security bug in fopen()
Next by thread: Re: Potential security bug in fopen()
Index(es):
- Date
- Thread