[Nano-devel] [PATCH 2/2] use futimens() if available, instead of utime()

nano-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Nano-devel] [PATCH 2/2] use futimens() if available, instead of utime()

From:	Kamil Dudka
Subject:	[Nano-devel] [PATCH 2/2] use futimens() if available, instead of utime()
Date:	Thu, 19 Aug 2010 15:34:12 +0200
User-agent:	KMail/1.13.5 (Linux/2.6.33.6-147.2.4.fc13.x86_64; KDE/4.4.5; x86_64; ; )

Hello,

the attached patch eliminates a race condition on the call of utime()
on systems that have futimens().  In the current code, there is a similar
flaw as described in CVE-2010-1161.  Though it's not possible to change
the ownership of the backup file using a symlink attack, it's still possible 
to change it's atime/mtime.  With the patch applied, there is no such
problem as long as futimens() is available during the build time.

Thanks in advance for considering the patch!

Kamil

0002-use-futimens-if-available-instead-of-utime.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

[Nano-devel] [PATCH 2/2] use futimens() if available, instead of utime(), Kamil Dudka <=

Prev by Date: [Nano-devel] [PATCH 1/2] check stat's result and avoid calling stat on a NULL pointer
Previous by thread: [Nano-devel] [PATCH 1/2] check stat's result and avoid calling stat on a NULL pointer
Index(es):
- Date
- Thread