Bugtraq mailing list archives
Re: open() races in general
From: glynn () SENSEI CO UK (Glynn Clements)
Date: Tue, 17 Nov 1998 05:43:33 +0000
Marc Heuse wrote:
But now let's get to the "fix" proposed by some guys about checking the device number and inode number before opening the file (lstat) and afterwards (fstat).
OK, it should be open(), lstat(), fstat(). This approach isn't necessary in this particular case, as you are checking the ownership, and the file is in a directory which (hopefully) has the sticky bit set. However, if this test isn't reliable (e.g. when you're creating a file in a user's home directory), then you need the lstat/fstat test. If you perform the lstat() after the file is opened, you can guarantee that the target hasn't been removed and re-created with the same inode number, as the inode can't be re-used while it is open. Comparing the st_dev/st_ino pair with the results from fstat() ensures that the lstat() really does refer to the file which you have opened. The one case for which I don't know of a solution (and there may not be one), is if a user creates a symlink to a device file or FIFO. In this case, simply open()ing the target can cause undesired effects. -- Glynn Clements <glynn () sensei co uk>
Current thread:
- Re: Xinetd /tmp race? (long) Marc Heuse (Nov 15)
- Re: open() races in general Glynn Clements (Nov 16)