Re: Race-condition ?
From: Gaëtan LEURENT
Subject: Re: Race-condition ?
Date: Sun, 26 Jun 2005 21:52:03 +0200
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (usg-unix-v)

Richard M. Stallman wrote on 26 Jun 2005 06:46:13 +0200:

> Would you like to check some of them?

I'll look at it.

> The crucial question is, does a call to set-file-modes introduce a
> worse problem than what existed anyway. For instance, if someone
> could put a hardlink where you will chmod it, could he also put a
> hardlink where you will write the contents of the file?

Yes, that needs to be checked in each case.

In the case of copy_file, someone could put a hardlink when you write
the file, but then emacs should warn you that the file already exists
(you should never overwrite files in public writable directories
because it is unsafe -- you must first delete the file).

In fact, by looking again at the code of Fcopy_file, I see that the way
emacs does it is also vulnerable to race-condition attacks: we first
check if the file exists with barf_or_query_if_file_exists, and then we
open the file (it is also done in a few other functions in fileio.c). If
the file was created in-between, it will be overwritten without any
warning. The correct way to do this is to open the file with
O_CREAT|O_EXCL and ask the user what to do if it fails with EEXIST. As
far as I know, it's the only way to check for the existence of a file
and create it atomically.

I don't know how we should fix this one, maybe by replacing
barf_or_query_if_file_exists with some
open_and_barf_or_query_if_file_exists ?

--
Gaëtan LEURENT
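
The O_CREAT|O_EXCL approach described in the message above, as an added example that is not part of the original post and is not Emacs code. The names `create_exclusive`, `create_result` and `demo` are hypothetical, and the scenario runs in a constructed temporary directory; it also covers a planted symlink, which the message does not discuss.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum create_result { CREATED, ALREADY_EXISTS, CREATE_ERROR };

/* Existence check and creation in one system call. On CREATED, *fd_out is
   a descriptor for a file this call itself created. On ALREADY_EXISTS
   nothing on disk was touched, so the caller can ask the user what to do. */
enum create_result create_exclusive(const char *path, mode_t mode, int *fd_out)
{
    *fd_out = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (*fd_out >= 0)
        return CREATED;
    return errno == EEXIST ? ALREADY_EXISTS : CREATE_ERROR;
}

/* Constructed scenario in a private temporary directory.
   Returns 0 when every step behaves as the comments state. */
int demo(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX", path[64], other[64];
    int fd, ok = 1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/out", dir);
    snprintf(other, sizeof other, "%s/other", dir);

    ok &= create_exclusive(path, 0600, &fd) == CREATED;        /* path free */
    if (fd >= 0)
        close(fd);
    ok &= create_exclusive(path, 0600, &fd) == ALREADY_EXISTS; /* not truncated */

    /* A symlink planted at the path is reported too: with O_EXCL, open()
       does not follow it, so the link target is never created or written. */
    unlink(path);
    ok &= symlink(other, path) == 0;
    ok &= create_exclusive(path, 0600, &fd) == ALREADY_EXISTS;
    ok &= access(other, F_OK) != 0;

    unlink(path);
    rmdir(dir);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

Because the kernel performs the check and the creation together, there is no interval between a separate existence test and the open in which another process can place a file at the path.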