Re: mail.local.c patch

Neil Woods (neil@legless.demon.co.uk)
Sun, 19 Feb 1995 01:24:30 +0100 (GMT)

> /* 
>  The original version of this has two possible races which can cause
>  problems.
>     
>  The first is when the file we are about to open doesn't exist, in which
>  case there is a race between the lstat() and the open() in which someone
>  can create a symlink to anywhere.  The file pointed at must not exist
>  but this still allows the creation of .rhosts etc.
>

From mail.local.c:

        if (lstat(path, &sb)) {
                mbfd = open(path,
                    O_APPEND|O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);

open(2) doesn't follow symlinks when O_CREAT and O_EXCL are set, so we
don't have a race here.  We're doing an lstat(2) to see if path exists,
and to save information about path.
   
>  The second is harder as it must fool the check on the inode number etc.
>  I'm not sure if there really is a race here but I get the feeling that
>  someone *might* be able to almost fill a file-system, such that they get
>  the same inode number after the race.

As we are checking device no as well as inode no, we again avoid race
conditions.

Cheers,

Neil
-- 
Let the Mystery Be, So Watcha Want, Longing In Their Hearts, Hate My Way,
M-Bike, Safari, Uncle June and Aunt Kiyoti, Daisy Dead Petals, Tuff Gnarl.

     ...like a badger with an afro throwing sparklers at the Pope...
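
The two checks discussed in this message, as an added example that is not part of the original post or of mail.local.c: an open(2) with O_CREAT|O_EXCL on a dangling symlink, and an lstat(2)/open(2)/fstat(2) comparison of device and inode numbers. The helper names (create_new, open_checked, demo) and the temporary paths are constructed for illustration.

```c
/* Added example: helper names and temp paths are constructed, not from mail.local.c. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path absent at lstat() time: create it. With O_CREAT|O_EXCL, open() fails
   with EEXIST if anything, even a dangling symlink, now sits at path. */
static int create_new(const char *path) {
    return open(path, O_APPEND | O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
}

/* Path present: open it, then confirm the descriptor refers to the object
   lstat() saw by comparing both device and inode numbers. */
static int open_checked(const char *path) {
    struct stat sb, fsb;
    int fd;
    if (lstat(path, &sb) != 0) return -1;
    if ((fd = open(path, O_APPEND | O_WRONLY)) < 0) return -1;
    if (fstat(fd, &fsb) != 0 || sb.st_dev != fsb.st_dev || sb.st_ino != fsb.st_ino) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a fresh temp dir. Returns a bitmask:
   1 = dangling symlink refused with EEXIST, 2 = its target was not created,
   4 = symlink to an existing file rejected, 8 = the regular file accepted. */
int demo(void) {
    char dir[] = "/tmp/mboxdemoXXXXXX", a[64], b[64], c[64];
    int r = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/target", dir);
    snprintf(b, sizeof b, "%s/dangling", dir);
    snprintf(c, sizeof c, "%s/link", dir);
    if (symlink(a, b) != 0) return -1;           /* b -> a, and a does not exist */
    if (create_new(b) < 0 && errno == EEXIST) r |= 1;
    if (access(a, F_OK) != 0) r |= 2;
    if ((fd = create_new(a)) >= 0) close(fd);    /* now make a real file */
    if (symlink(a, c) != 0) return -1;           /* c -> a, and a exists */
    if (open_checked(c) < 0) r |= 4;             /* link inode != file inode */
    if ((fd = open_checked(a)) >= 0) { r |= 8; close(fd); }
    unlink(a); unlink(b); unlink(c); rmdir(dir);
    return r;
}
int main(void) { printf("%d\n", demo()); return 0; }
```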