[PATCH 02/10] Change openFiles() to avoid race-based symlink attacks.
Julien Cristau
jcristau at debian.org
Tue Jan 5 10:18:16 PST 2010
From: Branden Robinson <branden at debian.org>
Forward-ported by Julien Cristau <jcristau at debian.org>.
---
auth.c | 22 +++++++++++++++++++++-
1 files changed, 21 insertions(+), 1 deletions(-)
diff --git a/auth.c b/auth.c
index d7cb30b..b80f16d 100644
--- a/auth.c
+++ b/auth.c
@@ -522,12 +522,32 @@ static int
openFiles (char *name, char *new_name, FILE **oldp, FILE **newp)
{
mode_t mask;
+ int newfd;
strcpy (new_name, name);
strcat (new_name, "-n");
+ /*
+ * Set safe umask for file creation operations.
+ */
mask = umask (0077);
+ /*
+ * Unlink the authorization file we intend to create, and then open
+ * it with O_CREAT | O_EXCL to avoid race-based symlink attacks.
+ */
(void) unlink (new_name);
- *newp = fopen (new_name, "w");
+ newfd = open (new_name, O_WRONLY | O_CREAT | O_EXCL, 0600);
+ if (newfd >= 0)
+ *newp = fdopen (newfd, "w");
+ else
+ {
+ LogError ("Cannot create file %s: %s\n", new_name,
+ _SysErrorMsg (errno));
+ *newp = NULL;
+ }
+ /*
+ * There are no more attempts to create files after this point;
+ * restore the original umask.
+ */
(void) umask (mask);
if (!*newp) {
Debug ("can't open new file %s\n", new_name);
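Review bot: in the `if (newfd >= 0)` branch the return value of `fdopen (newfd, "w")` is not checked, so if it returns NULL the descriptor `newfd` is leaked and the freshly created file stays on disk. That case also gets no LogError, unlike the open failure, and falls through to the `if (!*newp)` check, whose first visible statement is a Debug message. Suggest closing `newfd` and unlinking `new_name` when fdopen fails, and logging it the same way as the open failure. Separately, this patch adds no `#include` lines, so please confirm auth.c already includes `<fcntl.h>` for `O_CREAT | O_EXCL` and `<errno.h>` for `errno`.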
--
1.6.5.7