From kde-core-devel Wed Sep 08 03:56:10 2004 From: "Ian Reinhart Geiser" Date: Wed, 08 Sep 2004 03:56:10 +0000 To: kde-core-devel Subject: Small security patch for KTempFile Message-Id: <38379.66.92.236.216.1094615770.squirrel () 66 ! 92 ! 236 ! 216> X-MARC-Message: https://marc.info/?l=kde-core-devel&m=109461577517606 MIME-Version: 1 Content-Type: multipart/mixed; boundary="------=_20040907235610_31043" ------=_20040907235610_31043 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Greetings, I know this is probably not the most important security patch for KDE, but it has been on my drive here for over a year. Basicly it changes chown() to fchown() so the ownership operations are done on the fd vs the filename. I _think_ the operation remains unchanged, and I have not found an instance where it behaves badly. Opinions? Cheers -ian reinhart geiser -- -- +-Ian Reinhart Geiser geiseri@sourcextreme.com +-Vice President of Engineering +-http://www.sourcextreme.com +-It's not that we don't make mistakes, we just don't keep them around. ------=_20040907235610_31043 Content-Type: application/octet-stream; name="ktempfile-secure.patch" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="ktempfile-secure.patch" SW5kZXg6IGt0ZW1wZGlyLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09ClJDUyBmaWxlOiAvaG9tZS9rZGUva2RlbGli cy9rZGVjb3JlL2t0ZW1wZGlyLmNwcCx2CnJldHJpZXZpbmcgcmV2aXNpb24gMS4zCmRpZmYgLXUg LXIxLjMga3RlbXBkaXIuY3BwCi0tLSBrdGVtcGRpci5jcHAJMTMgQXVnIDIwMDMgMTk6NDc6Mzkg LTAwMDAJMS4zCisrKyBrdGVtcGRpci5jcHAJOCBTZXAgMjAwNCAwMzo0NzozNSAtMDAwMApAQCAt ODQsNiArODYsNyBAQAogICAgICAgIHJldHVybiBmYWxzZTsKICAgIH0KIAorICAgaW50IG5tZWZk ID0gb3BlbihubWUsT19SRFdSICk7CiAgICAvLyBnb3QgYSByZXR1cm4gdmFsdWUgIT0gMAogICAg UUNTdHJpbmcgcmVhbE5hbWVTdHIocmVhbE5hbWUpOwogICAgbVRtcE5hbWUgPSBRRmlsZTo6ZGVj b2RlTmFtZShyZWFsTmFtZVN0cikrIi8iOwpAQCAtOTIsMTMgKzk1LDE0IEBACiAgICBtb2RlX3Qg dG1wID0gMDsKICAgIG1vZGVfdCB1bXNrID0gdW1hc2sodG1wKTsKICAgIHVtYXNrKHVtc2spOwot ICAgY2htb2Qobm1lLCBtb2RlJih+dW1zaykpOworICAgZmNobW9kKG5tZWZkLCBtb2RlJih+dW1z aykpOwogCiAgICAvLyBTdWNjZXNzIQogICAgYkV4aXN0aW5nID0gdHJ1ZTsKIAogICAgLy8gU2V0 IHVpZC9naWQgKG5lY2Vzc2FyeSBmb3IgU1VJRCBwcm9ncmFtcykKLSAgIGNob3duKG5tZSwgZ2V0 dWlkKCksIGdldGdpZCgpKTsKKyAgIGZjaG93bihubWVmZCwgZ2V0dWlkKCksIGdldGdpZCgpKTsK KyAgIGNsb3NlKG5tZWZkKTsKICAgIHJldHVybiB0cnVlOwogfQogCg== ------=_20040907235610_31043--