KSaveFile

Jörg Walter jwalt-kde at garni.ch
Mon Feb 23 11:07:00 GMT 2004


On Saturday, 21. February 2004 22:20, Richard Smith wrote:
> On Saturday 21 February 2004 9:13 pm, Waldo Bastian wrote:
> > On Sat February 21 2004 18:01, Julian Rockey wrote:
[...]
> > > Should we be remembering the permissions of the original file and
> > > re-setting them after the renaming? I can patch it if required.
> >
> > Probably a good idea, yes.
>
> Resetting them before renaming (or even writing to the file at all) would
> be better, otherwise you still have a race where someone can read the file
> before it's moved and chmod'd (if, for instance, the file's not supposed to
> be group readable).

There's still a race condition in your model. You should open() it with mode 
0600 and then chmod, otherwise this can happen (B is the attacker):

1. A opens file, mode 0644 (or whatever umask is set)
2. B opens file immediately thereafter, is granted the open, but file is empty
3. A chmods to 0600, then writes, finally renames
4. B is still allowed to read

(very small timeframe to get at it, but DNOTIFY makes these timing attacks 
work quite reliably)

Solution: Pass mode 0600 to open(), since you're chmodding afterwards anyways.

-- 
CU
  Joerg

PGP Public Key at http://ich.bin.kein.hoschi.de/~trouble/public_key.asc
PGP Key fingerprint = D34F 57C4 99D8 8F16 E16E  7779 CDDC 41A4 4C48 6F94

More information about the kde-core-devel mailing list