bug-glibc

Re: Potential security bug in fopen()


From: Andreas Jaeger
Subject: Re: Potential security bug in fopen()
Date: 08 Feb 2001 08:43:50 +0100
User-agent: Gnus/5.090001 (Oort Gnus v0.01) XEmacs/21.1 (Channel Islands)

Michael Sweet <address@hidden> writes:

> Ulrich Drepper wrote:
> > 
> > Michael Sweet <address@hidden> writes:
> > 
> > > Hmm, then why does a strace of a program that calls fopen() show
> > > an unlink system call before the open?
> > 
> > I don't know your code.
> 
> Here is the basic code that was being used:
> 
>     FILE *fp;
>     int fd;
> 
> 
>     fd = open("/tmp/filename", O_CREAT | O_TRUNC | O_EXCL, 0600);
>     close(fd);
> 
>     ...
> 
>     fp = fopen("/tmp/filename", "w");
> 
> The bug report we got indicated that an strace of the code showed:
> 
>     open
>     close
>     unlink
>     open

There's no unlink in any of the libio directories except in some test
programs:

gee:/cvs/libc:[1]$ grep unlink libio/*
grep: libio/CVS: Is a directory
grep: libio/bits: Is a directory
libio/tst-widetext.c:  unlink (name);
libio/tst-widetext.c:  unlink (name);
libio/tst_wprintf2.c:  unlink (name);
gee:/cvs/libc:[2]$ grep unlink stdio-common/*
grep: stdio-common/CVS: Is a directory
stdio-common/test-vfprintf.c:  unlink (buf);
stdio-common/tst-fmemopen.c:  unlink (TEST_FILE);
stdio-common/tst-fseek.c:  unlink (fname);
stdio-common/tst-ungetc.c:  unlink (name);


I agree with Ulrich that the user code seems to be the problem.

Get the source code for glibc (either from ftp.gnu.org or its mirror
or check the CVS archive via http://sources.redhat.com/glibc) and
check it yourself if you don't believe us.


Andreas
-- 
 Andreas Jaeger
  SuSE Labs address@hidden
   private address@hidden
    http://www.suse.de/~aj
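
The claim in the message above can also be checked at run time. The following is an added example, not part of the original message or of glibc: it creates a file with `O_EXCL`, reopens it by name with `fopen(..., "w")`, and compares the two descriptors to see whether the original file was unlinked or replaced. The helper names and the scratch directory under `/tmp` are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 if fopen(path, "w") reused the file made by
   open(O_EXCL), 0 if that file was unlinked or replaced, -1 on error. */
int fopen_reuses_file(const char *path)
{
    struct stat made, reopened;
    int result = -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    /* fd stays open across fopen() so the inode number cannot be recycled
       by a replacement file, which would hide an unlink. */
    FILE *fp = fopen(path, "w");
    if (fp != NULL) {
        if (fstat(fd, &made) == 0 && fstat(fileno(fp), &reopened) == 0)
            result = made.st_nlink == 1 &&            /* name still linked */
                     made.st_dev == reopened.st_dev && /* same filesystem  */
                     made.st_ino == reopened.st_ino;   /* same inode       */
        fclose(fp);
    }
    close(fd);
    unlink(path);
    return result;
}

/* Runs the check in a private scratch directory (constructed path). */
int run_check(void)
{
    char dir[] = "/tmp/fopen-check-XXXXXX";
    char path[64];
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/filename", dir);
    int r = fopen_reuses_file(path);
    rmdir(dir);
    return r;
}

int main(void)
{
    int r = run_check();
    puts(r == 1 ? "same file: no unlink" : r == 0 ? "file was replaced" : "check failed");
    return r == 1 ? 0 : 1;
}
```

A result of 0 from the same sequence inside the application would point at code outside `fopen()` removing the file between the two opens.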


