Re: Race conditions
Pat Myrto (rwing!pat@ole.cdac.com)
Fri, 9 Dec 94 7:50:36 PST
"In the previous message, Jason Matthews said..."
>
> On Wed, 7 Dec 1994, Michael Bresnahan wrote:
>
> > How does one code a suid program so that it evades these problems with
> > symlink race conditions? Is there a way to atomically check if a file
> > is a symlink and open it, or is there another stratedgy?
>
>
> Simply do not use any temporary files...
>
And if a temp file MUST be made, use the mkstemp() call to generate the
name and open it. Mkstemp() atomically generates the tempname from the
template, opens the file and returns a handle. As the manpage says,
mkstemp() eliminates the race condition between testing if a file exists,
and the opening of the tmp file. Like mktemp(), mkstemp() uses a
template containing six X's, and modifies it in place. Unlike mktemp(),
instead of returning a char * pointiong to the string passed to it,
mkstemp() returns a file handle to a file open for reading and writing.
I haven't tried it with a symlink pointing to a nonexistant file having
the name mkstemp() will use initially ('a' and the PID) to
see if mkstemp() will fail (or choose another letter, like 'b' in the
tempname). That will be an interesting test when I get a few moments.
> Jason
>
> ----------------------------------------------------------------------------
> jason@dickory.sdsu.edu San Diego State University
> jason@mentor.sdsu.edu College of Engineering
> jason@BOOM.extern.ucsd.edu Electrical*Computer Engineering
> ----------------------------------------------------------------------------
> The following email address are no longer valid
> odn@LoD.amaranth.com
> ----------------------------------------------------------------------------
>
>
>
>
--
pat@rwing [If all fails, try: rwing!pat@eskimo.com] Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding
empirical evidence." -- Ann Landers, nationally syndicated advice columnist
and Director at Handgun Control Inc.