On Dec 22 15:14, Eric Blake wrote: > CVS coreutils now uses <sys/fcntl.h>'s O_NOFOLLOW, when > available, to avoid a data race when changing directories while > avoiding symlinks (necessary for some traversal algorithms). Normally, > calling lstat() to prove something is a directory, followed by chdir(), > is a security risk, since lstat() could see a directory, then the attacker > replaces the directory with a symlink, so that the program then > changes to the wrong directory. But on platforms like newer Linux > where O_NOFOLLOW causes open() to fail when opening symlinks, > the sequence open(), fstat(), fchdir(), close() avoids the race > by proving that the target is still a directory and has not been > replaced by a symlink at the last minute.
It would actually be trivial to implement, but I'm wondering that coreutils can't do the same without O_NOFOLLOW. The sequence lstat, open, fstat, lstat.st_ino == fstat.st_ino should make pretty clear if the directory in the lstat call is still the same directory in the open call. Am I missing something? Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
