[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-kernel-audit
Subject: Re: Weirdness with stat()
From: Antonomasia <ant () notatla ! demon ! co ! uk>
Date: 2000-07-04 21:06:54
[Download RAW message or body]
> > struct stat *st;
> >
> > stat(CONFIG, st);
> > if ((st->st_uid != 0) || (st->st_mode != 33152)) {
> > fprintf(stderr, "Unsecure modes on configuration files\n");
> > exit(1);
> > }
> Neither, this is a bad use of stat. In this case, st is an uninitialized
> pointer and you are having stat treat that as a pointer to some random
> location in memory which it dutifully fills with the stat information.
> Change your code to
>
> struct stat st; /* note not *st, just st */
>
> stat(CONFIG, &st); /* note &st not st */
You also want to test the return code of stat(); 0 if OK
before using any of the stuff like st->st_uid.
--
##############################################################
# Antonomasia ant@notatla.demon.co.uk #
# See http://www.notatla.demon.co.uk/ #
##############################################################
Kernel-audit: discussion list for security and the linux kernel
Archive: http://mail.nl.linux.org/kernel-audit/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic