[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: The open() system call in f8 really broken...



On Thu, Aug 16, 2007 at 11:16:54AM -0400, Steve Dickson wrote:
> Oliver Falk wrote:
> >Most developers I know, don't worry about >warnings<, but do if their
> >code aborts. If a developer then doesn't worry about the real (security)
> >problem, but only about the abort itself and just workaround that - it's
> >simply a fault... The other option? stderr "FIX YOUR OPEN :-P"; sleep
> >600. :-)
> >
> >If you compile the whole Fedora tree, how many warnings will you see?
> >How many warnings are about 'better use mkstemp' - for security
> >reasons... If you don't abort you'll not catch the developers
> >attention... It's too bad, but true... Don't want to step on dev's toes
> >of course - it's for sure not true for *all* developers!
> I was talking about runtime warnings... Really nasty looking messages
> so they couldn't be ignored...

Even a runtime warning is a wrong thing to do, aborting immediately is the
only sane thing.
If you let it through, it can create a file with random mode.  Say if a root
process creates a file with 4777 perms, do you really want to risk that
while that process is scheduled away somebody copies a shell into that file
and runs it?

	Jakub


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]