KSaveFile

Julian Rockey linux at jrockey.com
Mon Feb 23 19:59:55 GMT 2004


On Monday 23 Feb 2004 11:07, Jörg Walter wrote:
> On Saturday, 21. February 2004 22:20, Richard Smith wrote:
> > On Saturday 21 February 2004 9:13 pm, Waldo Bastian wrote:
> > > On Sat February 21 2004 18:01, Julian Rockey wrote:
>
> [...]
>
> There's still a race condition in your model. You should open() it with
> mode 0600 and then chmod, otherwise this can happen (B is the attacker):
>
> 1. A opens file, mode 0644 (or whatever umask is set)
But I thought mkstemps creates the file with 0600? (at least in recent 
glibc's)
cheers
Julian

> 2. B opens file immediately thereafter, is granted the open, but file is
> empty
> 3. A chmods to 0600, then writes, finally renames
> 4. B is still allowed to read
>
> (very small timeframe to get at it, but DNOTIFY makes these timing attacks
> work quite reliably)
>
> Solution: Pass mode 0600 to open(), since you're chmodding afterwards
> anyways.
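The fix suggested in the quoted message, as an added example that is not part of the original thread and not KSaveFile's own code: `mode_at_creation` shows the permission bits a file has the moment `open()` creates it, and `save_private` creates the temporary file with 0600 before writing, changing mode and renaming. The function names, file names and the `final_mode` parameter are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits a file has the instant open() creates it under umask 022
 * (-1 on error). This is what another local user can race against. */
static int mode_at_creation(const char *path, mode_t open_mode)
{
    struct stat st;
    mode_t old = umask(022);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, open_mode);
    umask(old);
    if (fd < 0)
        return -1;
    int rc = fstat(fd, &st);
    close(fd);
    unlink(path);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Temp file is 0600 from creation; final_mode (hypothetical parameter) is
 * applied only once the contents are complete, then the file is renamed. */
static int save_private(const char *dest, const char *tmp,
                        const char *data, mode_t final_mode)
{
    size_t len = strlen(data);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    int ok = write(fd, data, len) == (ssize_t)len && fsync(fd) == 0 &&
             fchmod(fd, final_mode) == 0;
    ok = (close(fd) == 0) && ok;
    if (!ok || rename(tmp, dest) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed demo file names in the current directory. */
    printf("created with 0666: %04o\n", mode_at_creation("ksf_a.tmp", 0666));
    printf("created with 0600: %04o\n", mode_at_creation("ksf_b.tmp", 0600));
    return save_private("ksf_demo.out", "ksf_demo.tmp", "secret\n", 0600);
}
```

Because permissions are checked at `open()` time, a descriptor obtained while the file was still 0644 stays readable after a later `chmod`; creating the file as 0600 leaves no such window.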

