author | Branden Robinson <branden@debian.org> | 2010-01-05 16:40:21 +0000 |
---|---|---|
committer | Julien Cristau <jcristau@debian.org> | 2010-01-12 18:08:17 +0000 |
commit | 11d6aa0b392daef2900681b70960d8be4ada89a9 (patch) | |
tree | cd0cfa4fd9eff17c0d1670e710673a90ea354b15 | |
parent | cd6b6d5f78e92725d6466d138f5441d791e58212 (diff) |
Change openFiles() to avoid race-based symlink attacks.
Forward-ported by Julien Cristau <jcristau@debian.org>.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@sun.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
-rw-r--r-- | auth.c | 22 |
1 files changed, 21 insertions, 1 deletions
@@ -522,12 +522,32 @@ static int openFiles (char *name, char *new_name, FILE **oldp, FILE **newp) { mode_t mask; + int newfd; strcpy (new_name, name); strcat (new_name, "-n"); + /* + * Set safe umask for file creation operations. + */ mask = umask (0077); + /* + * Unlink the authorization file we intend to create, and then open + * it with O_CREAT | O_EXCL to avoid race-based symlink attacks. + */ (void) unlink (new_name); - *newp = fopen (new_name, "w"); + newfd = open (new_name, O_WRONLY | O_CREAT | O_EXCL, 0600); + if (newfd >= 0) + *newp = fdopen (newfd, "w"); + else + { + LogError ("Cannot create file %s: %s\n", new_name, + _SysErrorMsg (errno)); + *newp = NULL; + } + /* + * There are no more attempts to create files after this point; + * restore the original umask. + */ (void) umask (mask); if (!*newp) { Debug ("can't open new file %s\n", new_name); |
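Review bot: In the `newfd >= 0` branch, a failing `fdopen` leaves `*newp` NULL while the descriptor returned by `open` stays open, and that failure is only reported by the later `Debug` call, not by `LogError`. Bracing the branch and adding `if (!*newp) (void) close (newfd);` directly after the `fdopen` call would close the leak. The `O_CREAT | O_EXCL` open itself fails closed when something reappears at `new_name` after the `unlink`, so a short comment such as `/* O_EXCL: open fails (EEXIST) rather than following a symlink planted after unlink */` would make that intent explicit. The hunk does not show `<fcntl.h>` or `<errno.h>` being added for `open`, `O_EXCL` and `errno`; presumably auth.c already includes them, which is worth confirming. The body of openFiles continues past the end of the hunk.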