[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-kernel-audit
Subject:    Re: Weirdness with stat()
From:       Antonomasia <ant () notatla ! demon ! co ! uk>
Date:       2000-07-04 21:06:54
[Download RAW message or body]

> > struct stat *st;
> > 
> >    stat(CONFIG, st);
> >    if ((st->st_uid != 0) || (st->st_mode != 33152)) {
> >       fprintf(stderr, "Unsecure modes on configuration files\n");
> >       exit(1);
> >    }

> Neither, this is a bad use of stat.  In this case, st is an uninitialized
> pointer and you are having stat treat that as a pointer to some random
> location in memory which it dutifully fills with the stat information.
> Change your code to
> 
> struct stat st;              /* note not *st, just st */
> 
> stat(CONFIG, &st);           /* note &st not st */

You also want to test the return code of stat(); 0 if OK
before using any of the stuff like st->st_uid.


--
##############################################################
# Antonomasia   ant@notatla.demon.co.uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################

Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/

[prev in list] [next in list] [prev in thread] [next in thread]