Bugtraq mailing list archives
Re: gzip TOCTOU file-permissions vulnerability
From: "Peter J. Holzer" <hjp () wsr ac at>
Date: Fri, 15 Apr 2005 13:31:48 +0200
On 2005-04-14 09:27:11 -0600, Mark Senior wrote:
From: Derek Martin [mailto:code () pizzashack org] Sent: April 13, 2005 08:50 The open() call is at fault here. If instead of being called with a mode of RW_USER, it is called with the final intended access mode, there is no need to later call chmod(), and the problem is averted.One wrinkle - if the file is not intended to have user write permission on it, and gzip (unzip/cpio/pax...) initially created it with the intended permissions, there would be no way to then write the file.
I don't know about Windows, but on POSIX systems you can create a file without write permissions and still write to it. A small example from the shell: bernon:~/tmp 12:58 121% umask 0777 bernon:~/tmp 12:58 122% echo foo > bar bernon:~/tmp 12:58 123% ll bar ---------- 1 hjp sysadm 4 Apr 15 12:58 bar As you can see, the file has no permissions, but still length 4. This trick is sometimes used for lock files. hp -- _ | Peter J. Holzer \Beta means "we're down to fixing misspelled comments in |_|_) | Sysadmin WSR \the source, and you might run into a memory leak if | | | hjp () wsr ac at \you enable embedded haskell as a loadable module and __/ | http://www.hjp.at/ \write your plugins upside-down in lisp". --ae () op5 se
Attachment:
_bin
Description:
Current thread:
- Re: gzip TOCTOU file-permissions vulnerability, (continued)
- Re: gzip TOCTOU file-permissions vulnerability Derek Martin (Apr 13)
- Re: gzip TOCTOU file-permissions vulnerability Peter J. Holzer (Apr 13)
- Re: gzip TOCTOU file-permissions vulnerability Joey Hess (Apr 13)
- Re: gzip TOCTOU file-permissions vulnerability psz (Apr 14)
- Re: gzip TOCTOU file-permissions vulnerability Theodor Milkov (Apr 15)
- Re: gzip TOCTOU file-permissions vulnerability Derek Martin (Apr 14)
- RE: gzip TOCTOU file-permissions vulnerability Mark Senior (Apr 14)
- Re: gzip TOCTOU file-permissions vulnerability Derek Martin (Apr 14)
- Re: gzip TOCTOU file-permissions vulnerability devnull (Apr 15)
- Re: gzip TOCTOU file-permissions vulnerability Dmitry Yu. Bolkhovityanov (Apr 16)
- Re: gzip TOCTOU file-permissions vulnerability Peter J. Holzer (Apr 15)
- Re: gzip TOCTOU file-permissions vulnerability Scott Gifford (Apr 15)
- Re: gzip TOCTOU file-permissions vulnerability Steve Grubb (Apr 14)