[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Potential security bug in fopen()
From: |
Andreas Jaeger |
Subject: |
Re: Potential security bug in fopen() |
Date: |
08 Feb 2001 08:43:50 +0100 |
User-agent: |
Gnus/5.090001 (Oort Gnus v0.01) XEmacs/21.1 (Channel Islands) |
Michael Sweet <address@hidden> writes:
> Ulrich Drepper wrote:
> >
> > Michael Sweet <address@hidden> writes:
> >
> > > Hmm, then why does a strace of a program that calls fopen() show
> > > an unlink system call before the open?
> >
> > I don't know your code.
>
> Here is the basic code that was being used:
>
> FILE *fp;
> int fd;
>
>
> fd = open("/tmp/filename", O_CREAT | O_TRUNC | O_EXCL, 0600);
> close(fd);
>
> ...
>
> fp = fopen("/tmp/filename", "w");
>
> The bug report we got indicated that an strace of the code showed:
>
> open
> close
> unlink
> open
There's no unlink in any of the libio directories except in some test
programs:
gee:/cvs/libc:[1]$ grep unlink libio/*
grep: libio/CVS: Is a directory
grep: libio/bits: Is a directory
libio/tst-widetext.c: unlink (name);
libio/tst-widetext.c: unlink (name);
libio/tst_wprintf2.c: unlink (name);
gee:/cvs/libc:[2]$ grep unlink stdio-common/*
grep: stdio-common/CVS: Is a directory
stdio-common/test-vfprintf.c: unlink (buf);
stdio-common/tst-fmemopen.c: unlink (TEST_FILE);
stdio-common/tst-fseek.c: unlink (fname);
stdio-common/tst-ungetc.c: unlink (name);
I agree with Ulrich that the user code seems to be the problem.
Get the sourcecode for glibc (either from ftp.gnu.org or it's mirror
or check the CVS archive via http://sources.redhat.com/glibc) and
check it yourself if you don't believe us.
Andreas
--
Andreas Jaeger
SuSE Labs address@hidden
private address@hidden
http://www.suse.de/~aj