[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Small security patch for KTempFile
From: "Ian Reinhart Geiser" <geiseri () yahoo ! com>
Date: 2004-09-08 3:56:10
Message-ID: 38379.66.92.236.216.1094615770.squirrel () 66 ! 92 ! 236 ! 216
[Download RAW message or body]
Greetings,
I know this is probably not the most important security patch for KDE, but
it has been on my drive here for over a year.
Basicly it changes chown() to fchown() so the ownership operations are
done on the fd vs the filename. I _think_ the operation remains
unchanged, and I have not found an instance where it behaves badly.
Opinions?
Cheers
-ian reinhart geiser
--
--
+-Ian Reinhart Geiser geiseri@sourcextreme.com
+-Vice President of Engineering
+-http://www.sourcextreme.com
+-It's not that we don't make mistakes, we just don't keep them around.
["ktempfile-secure.patch" (application/octet-stream)]
Index: ktempdir.cpp
===================================================================
RCS file: /home/kde/kdelibs/kdecore/ktempdir.cpp,v
retrieving revision 1.3
diff -u -r1.3 ktempdir.cpp
--- ktempdir.cpp 13 Aug 2003 19:47:39 -0000 1.3
+++ ktempdir.cpp 8 Sep 2004 03:47:35 -0000
@@ -84,6 +86,7 @@
return false;
}
+ int nmefd = open(nme,O_RDWR );
// got a return value != 0
QCString realNameStr(realName);
mTmpName = QFile::decodeName(realNameStr)+"/";
@@ -92,13 +95,14 @@
mode_t tmp = 0;
mode_t umsk = umask(tmp);
umask(umsk);
- chmod(nme, mode&(~umsk));
+ fchmod(nmefd, mode&(~umsk));
// Success!
bExisting = true;
// Set uid/gid (necessary for SUID programs)
- chown(nme, getuid(), getgid());
+ fchown(nmefd, getuid(), getgid());
+ close(nmefd);
return true;
}
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic