[432] in bugtraq
Re: Race conditions
daemon@ATHENA.MIT.EDU (Jonathan M. Bresler)
Thu Dec 8 11:38:25 1994
Date: Thu, 8 Dec 1994 08:54:36 -0500 (EST)
From: "Jonathan M. Bresler" <jmb@kryten.Atinc.COM>
To: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
Cc: bugtraq@fc.net
In-Reply-To: <199412080141.UAA16920@Collatz.McRCIM.McGill.EDU>
On Wed, 7 Dec 1994, der Mouse wrote:
> To open a file, which should already exist:
>
> - lstat() the path, check that lstat succeeded
> - check that it's acceptable (eg, not a symlink :-)
> - open() (without O_CREAT), check that the open succeeded
> - fstat() the fd returned by open
> - if the lstat and fstat st_ino and st_dev fields match,
> accept.
if you want to allow symlinks but not allow the race, try:
-open() the file without privelege, save the inode #
-open() the file withe privelege, compare the inode #'s
if the symlink has been switched on you (the cracker won the
race), the inode #'s will differ. if he did the switch before the first
open(), that open() will fail.
Jonathan M. Bresler jmb@kryten.atinc.com | Analysis & Technology, Inc.
| 2341 Jeff Davis Hwy
play go. | Arlington, VA 22202
ride bike. hack FreeBSD.--ah the good life | 703-418-2800 x346
