Re: Race conditions

Jonathan M. Bresler (jmb@kryten.Atinc.COM)
Thu, 8 Dec 1994 08:54:36 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ollivier Robert: "Re: new version of fingerd"
Previous message: Sten Drescher: "Re: Got this - not sure of authenticity. Better safe etc..."
In reply to: der Mouse: "Re: Race conditions"
Next in thread: Luke Mewburn: "Re: Race conditions"

On Wed, 7 Dec 1994, der Mouse wrote:

> To open a file, which should already exist:
> 
> 	- lstat() the path, check that lstat succeeded
> 	- check that it's acceptable (eg, not a symlink :-)
> 	- open() (without O_CREAT), check that the open succeeded
> 	- fstat() the fd returned by open
> 	- if the lstat and fstat st_ino and st_dev fields match,
> 	  accept.

	if you want to allow symlinks but not allow the race, try:

	-open() the file without privelege, save the inode #
	-open() the file withe privelege, compare the inode #'s

	if the symlink has been switched on you (the cracker won the 
race), the inode #'s will differ.  if he did the switch before the first 
open(), that open() will fail.

Jonathan M. Bresler  jmb@kryten.atinc.com	| Analysis & Technology, Inc.  
						| 2341 Jeff Davis Hwy
play go.					| Arlington, VA 22202
ride bike. hack FreeBSD.--ah the good life	| 703-418-2800 x346

Next message: Ollivier Robert: "Re: new version of fingerd"
Previous message: Sten Drescher: "Re: Got this - not sure of authenticity. Better safe etc..."
In reply to: der Mouse: "Re: Race conditions"
Next in thread: Luke Mewburn: "Re: Race conditions"