Hi Feri,

On Thu, Feb 11, 2021 at 11:26:47AM +0100, wf...@niif.hu wrote:
> Hi,
>
> The patch in this bug report very much shrinks the window of the
> vulnerability, but doesn't close it completely: the file is still
> created with default permissions, then chmodded as a separate step.
> It's hard, but not impossible to still win the race and open the file
> before the chmod, enabling the same attack. I recommend something like
>
> fd = open(dstFileName, O_WRONLY|O_CREAT|O_EXCL, 0600);
> if (fd != -1)
>     f = fdopen( fd, "wb" );
> if (fd == -1 || f == NULL)
>     DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
> return f;
>
> for example.

See #982519 respectively https://github.com/facebook/zstd/issues/2491
upstream.

Regards,
Salvatore
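
An added example, not part of the mails above and not zstd's code: it contrasts the create-then-chmod sequence described in the quoted message with the recommended open(O_WRONLY|O_CREAT|O_EXCL, 0600) plus fdopen(), and reports the permission bits each file carries once it exists. The function names, the scratch() helper, the /tmp path and the umask pinned to 022 are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an open stream, or -1 if it is NULL or fstat fails. */
static int mode_of(FILE *f)
{
    struct stat st;
    return (f != NULL && fstat(fileno(f), &st) == 0) ? (int)(st.st_mode & 0777) : -1;
}

/* Racy pattern: create with default permissions, chmod as a separate step. */
static int mode_in_window_racy(const char *path)
{
    FILE *f = fopen(path, "wb");          /* created as 0666 & ~umask */
    int mode = mode_of(f);                /* what the file looks like in the window */
    if (f != NULL) { chmod(path, 0600); fclose(f); }   /* restriction arrives late */
    return mode;
}

/* Pattern recommended in the mail: the creating open() itself sets 0600. */
static FILE *open_private(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    FILE *f = (fd != -1) ? fdopen(fd, "wb") : NULL;   /* EEXIST if path exists */
    if (fd != -1 && f == NULL) close(fd);
    return f;
}

/* Demo helper (assumption): path in a fresh mkdtemp() dir, umask pinned to 022. */
static const char *scratch(const char *name)
{
    static char dir[] = "/tmp/excl_demo_XXXXXX", path[64];
    static int ready;
    if (!ready) { umask(022); if (mkdtemp(dir) == NULL) return ""; ready = 1; }
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return path;
}

int main(void)
{
    FILE *f = open_private(scratch("atomic"));
    printf("fopen+chmod window %04o, open(O_EXCL, 0600) %04o\n",
           (unsigned)mode_in_window_racy(scratch("racy")), (unsigned)mode_of(f));
    return f != NULL ? fclose(f) : 1;
}
```

Because of O_EXCL, open_private() also refuses a name that already exists, so a file or symlink planted at the destination beforehand is not reused.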