Bugtraq mailing list archives

Re: Adobe Acrobat creates world writable ~/AdobeFnt.lst files


From: Darren Moffat <Darren.Moffat () eng sun com>
Date: Wed, 22 Aug 2001 13:34:19 -0700 (PDT)

Adobe Acrobat creates world writable ~/AdobeFnt.lst files
...
Another possible workaround would be to create a shared object that
replaced the open/chmod calls that change the permissions on the file,
this could then be LD_PRELOAD'd so that acroread doesn't do the wrong 
thing.

Using truss on Solaris we can easily see that acroread actually makes
an explicit call to set the permissions to 0666.

And what if that call fails?

What call?

Note this code doesn't compile and is intended only as an outline of
what could be done.  dlsym is how this is done on Solaris but there
are equivalent calls in most systems that have dynamic linking.

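#define _GNU_SOURCE             /* needed for RTLD_NEXT on glibc */
#include <sys/types.h>
#include <sys/stat.h>
#include <dlfcn.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * File name to watch for.  Matching on the last path component is an
 * assumption; the outline left fntlst undefined.
 */
static const char fntlst[] = "AdobeFnt.lst";

/* Descriptor of the currently open AdobeFnt.lst, or -1 if none. */
static int fd = -1;

int open(const char *path, int oflag, ...)
{
        static int (*fptr)(const char *path, int oflag, ...) = 0;
        const char *base;
        mode_t mode = 0;
        int newfd;

        if (fptr == 0) {
            fptr = (int (*)(const char *, int, ...))dlsym(RTLD_NEXT, "open");
            if (fptr == NULL) {
                (void) fprintf(stderr, "dlsym: %s\n", dlerror());
                return (-1);
            }
        }

        /* The third argument is only present when O_CREAT is set. */
        if (oflag & O_CREAT) {
                va_list ap;

                va_start(ap, oflag);
                mode = (mode_t)va_arg(ap, int);
                va_end(ap);
        }

        newfd = (*fptr)(path, oflag, mode);

        /* Remember the descriptor if this is the font list file. */
        base = strrchr(path, '/');
        base = (base != NULL) ? base + 1 : path;
        if (newfd != -1 && strcmp(base, fntlst) == 0) {
                fd = newfd;
        }

        return (newfd);
}

int fchmod(int fildes, mode_t mode)
{
        static int (*fptr)(int fildes, mode_t mode) = 0;

        if (fptr == 0) {
            fptr = (int (*)(int, mode_t))dlsym(RTLD_NEXT, "fchmod");
            if (fptr == NULL) {
                (void) fprintf(stderr, "dlsym: %s\n", dlerror());
                return (-1);
            }
        }

        /* Force owner-only permissions on the tracked file. */
        if ((fd != -1) && (fildes == fd)) {
                mode = 0600;
        }

        return ((*fptr)(fildes, mode));
}

int close(int fildes)
{
        static int (*fptr)(int fildes) = 0;

        if (fptr == 0) {
            fptr = (int (*)(int))dlsym(RTLD_NEXT, "close");
            if (fptr == NULL) {
                (void) fprintf(stderr, "dlsym: %s\n", dlerror());
                return (-1);
            }
        }

        /* Stop tracking the descriptor once it is closed. */
        if (fd == fildes) {
                fd = -1;
        }

        return ((*fptr)(fildes));
}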


chattr +i will do miracles, I imagine.

The world is not Linux on ext2fs.  Also that may break something else,
you don't really want AdobeFnt.lst being an immutable file, you just want
correct permissions on it.

--
Darren J Moffat
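
Added example, not part of the original post: a check for an AdobeFnt.lst that has already been left group- or world-writable, resetting it to the same 0600 that the shim outline in the message forces. The function and constant names are this example's own, and the path is supplied by the caller.

```c
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, fchmod */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes; these names are this example's own. */
enum { PERMS_OK = 0, PERMS_FIXED = 1, PERMS_ERROR = -1 };

/* True when group or other can write to a file with this mode. */
int is_loosely_writable(mode_t mode)
{
    return (mode & (S_IWGRP | S_IWOTH)) != 0;
}

/*
 * Open without following a symlink, require a regular file owned by the
 * caller, then reset a group/world-writable mode to 0600 through the
 * descriptor, so the check and the change hit the same inode.
 */
int tighten_perms(const char *path)
{
    struct stat st;
    int rc = PERMS_OK;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);

    if (fd == -1)
        return PERMS_ERROR;
    if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid()) {
        close(fd);
        return PERMS_ERROR;
    }
    if (is_loosely_writable(st.st_mode))
        rc = (fchmod(fd, S_IRUSR | S_IWUSR) == 0) ? PERMS_FIXED : PERMS_ERROR;
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) {   /* e.g. ./fixfnt "$HOME/AdobeFnt.lst" */
        fprintf(stderr, "usage: %s path\n", argv[0]);
        return 2;
    }
    return tighten_perms(argv[1]) == PERMS_ERROR ? 1 : 0;
}
```

This repairs a file after the fact; it does not stop acroread from setting 0666 again on its next run, which is what the preloaded shim is for.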

