bug-coreutils

[bug #17427] CVE-2005-1039, chmod race in mkdir, mkfifo, mknod


From: Paul Eggert
Subject: [bug #17427] CVE-2005-1039, chmod race in mkdir, mkfifo, mknod
Date: Thu, 24 Aug 2006 22:23:24 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6

Update of bug #17427 (project coreutils):

                  Status:                    None => Wont Fix               
             Open/Closed:                    Open => Closed                 

    _______________________________________________________

Follow-up Comment #1:

[I also replied to the Debian bug list, but here's another copy.]

This patch doesn't look safe to me.  mkfifo and mknod should not open
device files or fifos, since this has undesirable side effects in some
cases.  For example, opening and then closing a tape drive might
rewind it.

As I wrote in April 2005, the original security issue is not a
vulnerability in coreutils; it's a problem inherent to the Unix model.
We cannot "fix" it by patching coreutils (and hundreds of other
utilities).  We must simply say: users cannot rely on directories that
are writeable by untrusted users, unless the directories are sticky
and are owned by trusted users.  Sorry, but that's life in the
Unix/Linux world.

That being said, mkdir can be made a bit "safer".  It cannot be made
completely "safe", though, in the sense that you're asking for, since
in some cases mkdir won't be able to read the newly-created directory
(and therefore can't open it) but POSIX still requires mkdir to chmod
it in this case.  Hence the patch you submitted here isn't quite
right, since it sometimes gives up when it shouldn't.  We have fixed
mkdir a different way in coreutils test version 6.1
<ftp://alpha.gnu.org/gnu/coreutils/coreutils-6.1.tar.gz>, so that it
uses fchmod if possible, and falls back on chmod otherwise.


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?17427>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
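The fchmod-if-possible, chmod-otherwise approach described above for mkdir, as an added illustration (my own example, not the coreutils 6.1 code): it assumes POSIX open() with O_DIRECTORY and O_NOFOLLOW, treats EACCES on open as the only case that justifies chmod by name, and includes a self-test helper that builds under a constructed /tmp directory.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create DIR with exactly MODE.  mkdir() clears umask bits, so a follow-up chmod
   is often needed; do it through a descriptor, falling back to chmod by name
   only when the new directory cannot be opened.  Illustrative, not coreutils'. */
int mkdir_with_mode(const char *dir, mode_t mode)
{
    if (mkdir(dir, mode) != 0)
        return -1;
    int fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd >= 0) {
        /* Preferred path: a symlink or file swapped in by someone who can write
           to the parent cannot be reached through this descriptor. */
        struct stat st;
        int r = fstat(fd, &st);
        if (r == 0 && st.st_uid != geteuid()) { errno = EPERM; r = -1; }
        if (r == 0 && (st.st_mode & 07777) != (mode & 07777))
            r = fchmod(fd, mode);
        int saved = errno;
        close(fd);
        errno = saved;
        return r;
    }
    /* Fallback: MODE lacks an owner-read bit (e.g. mkdir -m 0), so the directory
       cannot be opened, yet the requested mode must still be applied.  Only
       EACCES qualifies; ELOOP or ENOTDIR means the entry was replaced: refuse. */
    if (errno != EACCES)
        return -1;
    return chmod(dir, mode);
}

/* Self-test helper: create "sub" with MODE under a fresh temporary directory
   (constructed under /tmp), return its resulting permission bits or -1. */
long mode_after_create(mode_t mode)
{
    char base[] = "/tmp/mkdirmodeXXXXXX";
    if (mkdtemp(base) == NULL)
        return -1;
    char path[sizeof base + 4];
    snprintf(path, sizeof path, "%s/sub", base);
    struct stat st;
    long got = -1;
    if (mkdir_with_mode(path, mode) == 0 && lstat(path, &st) == 0)
        got = st.st_mode & 07777;
    rmdir(path); rmdir(base);
    return got;
}
```

With a restrictive umask the 0750 case exercises the fchmod path, while mode 0 as an unprivileged user exercises the EACCES fallback.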