kxkb speedups for stable branch
Waldo Bastian
bastian at kde.org
Sun Jun 23 22:48:23 BST 2002
On Sunday 23 June 2002 06:32 am, Adriaan de Groot wrote:
> On Saturday 22 June 2002 18:13, you wrote:
> > > 3) Is there a teeny-tiny race condition where you use the KTempFile to
> > > create a filename for the temporary stuff and then later use that
> > > filename?
> >
> > I considered it and realized its not a problem, since KTempFile creates
> > a random file which currently doesn't exist and the chances that someone
> > will place a symlink right between the object creation and file creation
> > are non-existant.
>
> Actually, that's the very definition of a race condition. A determined
> attacker is going to _try_hard_ to create that symlink, and overwrite some
> useful file of yours with xkbd output. "The chances" are definitely _not_
> non-existent. They may be miniscule, but with security issues you need to
> avoid even the minuscule chances.
There is no race-condition as far as I can see. The temporary file is created
and then later this file written to. There is no way you can change this file
to a symlink without first deleting the file and an attacker isn't supposed
to have permission to delete the file.
The better solution would be to keep the KTempFile around instead of only the
filename and to pass KTempFile::fstream() to getCompiledLayout()
Just change m_compiledLayoutFileNames from QString to KTempFile.
Cheers,
Waldo
--
bastian at kde.org | SuSE Labs KDE Developer | bastian at suse.com
More information about the kde-core-devel
mailing list