[2731] in bugtraq


Re: Publically writable directories

daemon@ATHENA.MIT.EDU (David DeSimone)
Mon Jun 17 19:46:11 1996

Date: 	Mon, 17 Jun 1996 16:53:30 -0500
Reply-To: David DeSimone <fox@rsn.hp.com>
From: David DeSimone <fox@mikey.convex.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  <199606171306.JAA16513@tigger.itc.Virginia.EDU> from "Bill
              Pemberton" at Jun 17, 96 09:06:09 am

Bill Pemberton wrote:
>
> You need to open it like so:
>
> fp_handle = open(fname, O_RDWR|O_CREAT|O_EXCL,0600)
>
>
> The open() call does not follow symlinks.

This is not really true; only the final component of the pathname is
checked for symlinking.  From the man page:

          O_EXCL   If O_EXCL and O_CREAT are set, open() will
                   fail if the file exists.  This can be used to
                   implement a simple exclusive access locking
                   mechanism.  If O_EXCL is set and the last com-
                   ponent of the pathname is a symbolic link, the
                   open will fail even if the symbolic link
                   points to a non-existent name.

This protects against someone creating a file with 666 permissions and
hoping that you will open the file and start writing into it.  It also
protects against someone creating a link to a name that does not exist,
hoping that you will create it.  However, it does not stop someone
from creating a symlink further up the path.  But with a path like
"/tmp/file.$$", this isn't much of an issue.

--
David DeSimone    | "The doctrine of human equality reposes on this:
fox@convex.hp.com |  that there is no man really clever who has not
Hewlett-Packard   |  found that he is stupid." -- Gilbert K. Chesterson
Convex Division   |      PGP: 5B 47 34 9F 3B 9A B0 0D  AB A6 15 F1 BB BE 8C 44
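
The two cases this reply distinguishes, as an added C example that is not part of the original message: a symlink as the last pathname component, and a symlink earlier in the path. The scratch paths under /tmp and the function names are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added demo, constructed paths. The quoted open(): 0 on success, else errno. */
static int excl_create(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    return fd < 0 ? errno : close(fd);
}

/* Last component is a symlink to a nonexistent name: returns open()'s errno. */
int last_is_symlink(void)
{
    char dir[] = "/tmp/oexcl-demo-XXXXXX", lnk[64], target[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(lnk, sizeof lnk, "%s/file", dir);
    snprintf(target, sizeof target, "%s/missing", dir);
    if (symlink(target, lnk) != 0) return -1;
    int err = excl_create(lnk);
    unlink(lnk); unlink(target); rmdir(dir);
    return err;
}

/* Earlier component is a symlink to a directory: returns 1 if the new file
 * landed inside the link's target, i.e. open() followed the symlink. */
int parent_is_symlink(void)
{
    char dir[] = "/tmp/oexcl-demo-XXXXXX", realdir[64], lnk[64], via[64], landed[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(realdir, sizeof realdir, "%s/real", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    snprintf(via, sizeof via, "%s/link/file", dir);
    snprintf(landed, sizeof landed, "%s/real/file", dir);
    if (mkdir(realdir, 0700) != 0 || symlink(realdir, lnk) != 0) return -1;
    int followed = excl_create(via) == 0 && lstat(landed, &st) == 0 && S_ISREG(st.st_mode);
    unlink(landed); unlink(lnk); rmdir(realdir); rmdir(dir);
    return followed;
}

int main(void)
{
    printf("last: errno %d, parent followed: %d\n", last_is_symlink(), parent_is_symlink());
    return 0;
}
```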
