Bugtraq mailing list archives
Re: Possible SERIOUS bug in open()?
From: mem () MV MV COM (Mark E. Mallett)
Date: Sat, 25 Oct 1997 15:45:21 -0400
What about the higher flag bits? (O_APPEND, O_CREAT, ...)
ah, right.
this would be much more clear and much less error-prone if this was done explicitely instead of with a clever hack that obfuscates the operation.
Agreed. Heck, for clarity I even prefer a style of if (flags == 0) over if (!flags) but I'm probably the only one.
Implementing it in this way makes it clear what to do: switch(uap->flags & O_ACCMODE) { case O_RDONLY: lowbits = FREAD; break; case O_WRONLY: lowbits = FWRITE; break; case O_RDWR: lowbits = FREAD | FWRITE; break; default: return EINVAL; } flags = (uap->flags & ~O_ACCMODE) | lowbits;
Would probably want to move this above the opening falloc() also. mm
Current thread:
- Re: Possible SERIOUS bug in open()? Aleph One (Oct 23)
- a bug in IRIX open() as well [was Re: Possible SERIOUS bug in Mike Kienenberger (Oct 24)
- Vulnerability in metamail Alan Cox (Oct 24)
- Re: Possible SERIOUS bug in open()? Theo de Raadt (Oct 24)
- Re: Possible SERIOUS bug in open()? Theo de Raadt (Oct 24)
- Re: Possible SERIOUS bug in open()? Mark E. Mallett (Oct 24)
- Re: Possible SERIOUS bug in open()? Tim Newsham (Oct 25)
- Re: Possible SERIOUS bug in open()? Mark E. Mallett (Oct 25)
- SECURITY: metamail update (fwd) Raymond Dijkxhoorn (Oct 25)
- Re: Possible SERIOUS bug in open()? Tim Newsham (Oct 25)