From: Pétur Ingi Egilsson
Subject: File descriptors
Date: Sat, 13 Apr 2013 20:29:52 +0200
To: freebsd-security@freebsd.org

I noticed that if I execute the following code, then the program is able to read the file even if the file's permissions are changed around the /mark/ section in such a way that the UID under which the program is running should not have any permission to read the file.

This is not a desirable behaviour. How can I prevent this behaviour on my system?

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv) {
    if (argc != 2) {
        printf("Usage: %s filename\n", argv[0]);
        exit(EXIT_FAILURE);
    }

    FILE *fd;
    char *line = NULL;
    size_t len = 0;

    /* argv[1] is the filename; argv[2] is NULL when argc == 2 */
    fd = fopen(argv[1], "r");
    /* mark */
    if (fd == NULL) {
        exit(EXIT_FAILURE);
    }
    /* print the file line by line through the already-open stream */
    while (getline(&line, &len, fd) != -1) {
        printf("%s", line);
    }
    fclose(fd);
    exit(EXIT_SUCCESS);
}
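
Added example, not part of the original message: a self-contained C program that reproduces the behaviour described above on a constructed scratch file. Access is checked when open() runs, so read() through the existing descriptor still succeeds after chmod() removes every permission bit, while fstat() on that descriptor does report the new mode. The /tmp path, struct fd_demo and run_fd_demo() are names assumed for this illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct fd_demo {
    ssize_t bytes_read;  /* bytes read via the descriptor opened before chmod */
    mode_t  mode_after;  /* permission bits fstat() reports after chmod */
    int     recheck_ok;  /* 1 if an fstat()-based re-check would still allow reading */
};

/* Returns 0 on success and fills *out; -1 if the scratch file cannot be set up. */
int run_fd_demo(struct fd_demo *out)
{
    char path[] = "/tmp/fd_demo_XXXXXX";  /* constructed scratch file */
    char buf[32];
    struct stat st;
    int fd, wfd = mkstemp(path);           /* created with mode 0600 */

    if (wfd < 0)
        return -1;
    if (write(wfd, "hello\n", 6) != 6) { close(wfd); unlink(path); return -1; }
    close(wfd);

    fd = open(path, O_RDONLY);             /* access is checked here, once */
    if (fd < 0) { unlink(path); return -1; }

    /* The "mark": every permission bit is removed after the open. */
    if (chmod(path, 0) != 0 || fstat(fd, &st) != 0) { close(fd); unlink(path); return -1; }

    out->bytes_read = read(fd, buf, sizeof buf);  /* no new permission check */
    out->mode_after = st.st_mode & 07777;
    /* Coarse application-level re-check: does any read bit remain? */
    out->recheck_ok = (st.st_mode & (S_IRUSR | S_IRGRP | S_IROTH)) != 0;
    close(fd);
    unlink(path);
    return 0;
}

int main(void)
{
    struct fd_demo r;
    if (run_fd_demo(&r) != 0)
        return EXIT_FAILURE;
    printf("read %zd bytes, mode now %04o, re-check allows read: %d\n",
           r.bytes_read, (unsigned)r.mode_after, r.recheck_ok);
    return EXIT_SUCCESS;
}
```

A program that wants to honour permission changes made after the open has to perform a re-check like the fstat() one itself before each read.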