[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Re: [LightDM] Version 1.0.6 released
From:       Guido Berhoerster <gber () opensuse ! org>
Date:       2011-11-22 22:51:36
Message-ID: 20111122225135.GE10743 () wopr
[Download RAW message or body]

* Yves-Alexis Perez <corsac@debian.org> [2011-11-22 22:39]:
> On ven., 2011-11-11 at 13:27 -0500, Marc Deslauriers wrote:
> > On Fri, 2011-11-11 at 10:05 +0000, John Haxby wrote:
> > > On 11/11/11 08:06, Guido Berhoerster wrote:
> > > > Replacing the file between the lstat and the open would change
> > > > its inode and then be caught by the check before the fchown, no?
> > > 
> > > Nope.   There is no reason why the same inode should not be reused.
> > > 
> > > On ext4 (btrfs seems to be different):
> > > 
> > > $ touch test; ls -i test; rm test; touch test; ls -i test
> > > 656078 test
> > > 656078 test
> > > 
> > > jch
> > 
> > How about the attached patch?
> > 
> > Marc.
> 
> Note that O_NOFOLLOW seems to be Linux-only. Any idea how to handle it
> on other ports?

No, it's specified in POSIX.1-2008, at least Linux, FreeBSD and
Solaris 10 implemented it long before that.
-- 
Guido Berhoerster
[prev in list] [next in list] [prev in thread] [next in thread]