Date: Sun, 26 Nov 2000 19:10:03 -0800 From: Peter Wemm <peter@netplex.com.au> To: "Brian F. Feldman" <green@FreeBSD.org> Cc: Alfred Perlstein <bright@wintelcom.net>, obrien@FreeBSD.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/inetd builtins.c Message-ID: <200011270310.eAR3A3D44621@mobile.wemm.org> In-Reply-To: <200011262140.eAQLe2576200@green.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
"Brian F. Feldman" wrote: > Alfred Perlstein <bright@wintelcom.net> wrote: > > Because your "fix" was a gross hack on top of the gross hack already > > in place. > > Here, you can review this, then: How about the O_NOFOLLOW flag? It avoids the worst of the races because you can open and lstat and be immune to symlink races. > /* > - * If we were to lstat() here, it would do no good, since it > - * would introduce a race condition and could be defeated. > + * We can't stat() here since that would be a race > + * condition. > * Therefore, we open the file we have permissions to open > * and if it's not a regular file, we close it and end up > * returning the user's real username. > */ > fakeid_fd = open(p, O_RDONLY | O_NONBLOCK); Cheers, -Peter -- Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011270310.eAR3A3D44621>