> /*
> The original version of this has two possible races which can cause
> problems.
>
> The first is when the file we are about to open doesn't exist, in which
> case there is a race between the lstat() and the open() in which someone
> can create a symlink to anywhere. The file pointed at must not exist
> but this still allows the creation of .rhosts etc.
>

From mail.local.c:

    if (lstat(path, &sb)) {
        mbfd = open(path, O_APPEND|O_CREAT|O_EXCL|O_WRONLY,
            S_IRUSR|S_IWUSR);

open(2) doesn't follow symlinks when O_CREAT and O_EXCL are set, so we
don't have a race here. We're doing an lstat(2) to see if path exists,
and to save information about path.

> The second is harder as it must fool the check on the inode number etc.
> I'm not sure if there really is a race here but I get the feeling that
> someone *might* be able to almost fill a file-system, such that they get
> the same inode number after the race.

As we are checking device no as well as inode no, we again avoid race
conditions.

Cheers,

Neil
-- 
Let the Mystery Be, So Watcha Want, Longing In Their Hearts, Hate My Way,
M-Bike, Safari, Uncle June and Aunt Kiyoti, Daisy Dead Petals, Tuff Gnarl.

...like a badger with an afro throwing sparklers at the Pope...
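The two checks discussed in the message above, as an added example that is not part of the original message and is not mail.local's own code. The names `open_mailbox`, `race_hook`, `plant_symlink` and `try_open`, and the scratch paths under `/tmp`, are assumptions; the hook stands in for another process acting between the lstat() and the open().

```c
#define _XOPEN_SOURCE 700   /* lstat(), symlink(), mkdtemp() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

typedef void (*race_hook)(const char *path); /* hypothetical: runs in the race window */
/* lstat() then open(), as in the message; returns an fd, or -1 if refused. */
int open_mailbox(const char *path, race_hook between)
{
    struct stat sb, fsb;
    int fd, missing = lstat(path, &sb) != 0;

    if (missing && errno != ENOENT) return -1;
    if (between) between(path);     /* simulated racing process acts here */
    if (missing)                    /* O_EXCL: fails if anything now exists at path */
        return open(path, O_APPEND | O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
    if ((fd = open(path, O_APPEND | O_WRONLY)) < 0)
        return -1;
    if (fstat(fd, &fsb) != 0 || fsb.st_dev != sb.st_dev || fsb.st_ino != sb.st_ino) {
        close(fd);                  /* not the object lstat() described */
        return -1;
    }
    return fd;
}

static char box[64], other[64];     /* constructed paths in a scratch directory */
static void plant_symlink(const char *p) { unlink(p); if (symlink(other, p)) perror("symlink"); }
/* Bit 0: an fd was returned. Bit 1: `other` exists afterwards. */
int try_open(int box_exists, int other_exists, int attack)
{
    char dir[] = "/tmp/mboxXXXXXX";
    int fd, res;

    if (!mkdtemp(dir)) return -1;
    snprintf(box, sizeof box, "%s/box", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    if (box_exists) close(open(box, O_CREAT | O_WRONLY, 0600));
    if (other_exists) close(open(other, O_CREAT | O_WRONLY, 0600));
    fd = open_mailbox(box, attack ? plant_symlink : NULL);
    res = (fd >= 0) | (access(other, F_OK) == 0 ? 2 : 0);
    if (fd >= 0) close(fd);
    unlink(box); unlink(other); rmdir(dir);
    return res;
}

int main(void) { printf("%d %d %d\n", try_open(0, 0, 1), try_open(1, 1, 1), try_open(1, 0, 0)); return 0; }
```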