artswrapper's new braces (Re: artswrapper defanged)

Waldo Bastian bastian at kde.org
Sat Aug 10 01:25:37 BST 2002


On Thursday 08 August 2002 08:28 pm, Kevin Puetz wrote:
> Waldo Bastian wrote:
> > On Wednesday 07 August 2002 08:28 pm, Kevin Puetz wrote:
> >> There is a (very) slight race in the checking of the permissions on the
> >> file... however, since the permission being looked for is ownership by
> >> root, the only user who could make anything of it is root. Since root
> >> had the right to make the module trusted anyway, this gains no elevation
> >> of privilege.
> >
> > You should use lstat then, otherwise an attacker can make a symlink that
> > switches very fast between a root-owned module and a malicious module to
> > exploit this race condition.
>
> that's a good point, but why do I want lstat? I thought it was stat that
> looked through the link to check the target, and lstat which checked the
> link itself. At least that's what my manpages say...

Yes... but you don't WANT to follow the link because that link might be the
link of an attacker. So you must either make sure that it isn't a link, or at
least that it is a trusted link.

Cheers,
Waldo
-- 
bastian at kde.org  |   SuSE Labs KDE Developer  |  bastian at suse.com
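
Added example, not part of the original message and not artswrapper's code: one way to do the "make sure that it isn't a link" check without a window between check and use is to open the file with `O_NOFOLLOW` and then `fstat()` the descriptor, which goes one step beyond the `lstat()` suggested in the thread. The function name `open_trusted_module`, the `owner` parameter (uid 0 in the root-owned case discussed here) and the temporary paths in `demo` are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` only if it is a regular file, not a
 * symlink, owned by `owner` and not writable by group or others.
 * Returns a descriptor for the object that was checked, or -1. */
int open_trusted_module(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW makes open() fail if the final component is a symlink. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() inspects the inode already opened, so retargeting the
     * path after this point cannot change what gets loaded. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: a regular file and a symlink to it in a temp dir.
 * Returns 1 if the file is accepted and the symlink is rejected. */
int demo(void)
{
    char dir[] = "/tmp/modcheckXXXXXX", file[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/module.so", dir);
    snprintf(lnk, sizeof lnk, "%s/link.so", dir);
    int fd = open(file, O_CREAT | O_WRONLY, 0644);
    if (fd < 0 || symlink(file, lnk) != 0) return -1;
    close(fd);
    int ok_fd = open_trusted_module(file, geteuid());  /* accepted */
    int bad_fd = open_trusted_module(lnk, geteuid());  /* rejected */
    int result = (ok_fd >= 0 && bad_fd < 0);
    if (ok_fd >= 0) close(ok_fd);
    unlink(lnk); unlink(file); rmdir(dir);
    return result;
}

int main(void) { printf("file ok, symlink rejected: %d\n", demo()); return 0; }
```

`O_NOFOLLOW` only covers the last path component, so the directories leading to the module must themselves be writable only by the trusted owner. The caller should load the module from the returned descriptor rather than reopening the path.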