The open() system call in f8 really broken...

Jakub Jelinek jakub at redhat.com
Thu Aug 16 15:27:29 UTC 2007


On Thu, Aug 16, 2007 at 11:16:54AM -0400, Steve Dickson wrote:
> Oliver Falk wrote:
> >Most developers I know, don't worry about >warnings<, but do if their
> >code aborts. If a developer then doesn't worry about the real (security)
> >problem, but only about the abort itself and just workaround that - it's
> >simply a fault... The other option? stderr "FIX YOUR OPEN :-P"; sleep
> >600. :-)
> >
> >If you compile the whole Fedora tree, how many warnings will you see?
> >How many warnings are about 'better use mkstemp' - for security
> >reasons... If you don't abort you'll not catch the developers
> >attention... It's too bad, but true... Don't want to step on dev's toes
> >of course - it's for sure not true for *all* developers!
> I was talking about runtime warnings... Really nasty looking messages
> so they couldn't be ignored...

Even a runtime warning is a wrong thing to do, aborting immediately is the
only sane thing.
If you let it through, it can create a file with random mode.  Say if a root
process creates a file with 4777 perms, do you really want to risk that
while that process is scheduled away somebody copies a shell into that file
and runs it?

	Jakub
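The mode argument Jakub is talking about, as an added example that is not code from this thread: a create wrapper that takes the mode explicitly, refuses the setuid/world-writable combination he describes, and uses O_EXCL so an existing file at the path is never reused. The /tmp paths and the two check functions are constructed for this example.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bits a privileged process should never put on a file it creates:
 * setuid, setgid, sticky and world-writable (the 4777 case above). */
#define UNSAFE_BITS (S_ISUID | S_ISGID | S_ISVTX | S_IWOTH)
/* Create a new file with a mandatory, explicit mode. O_EXCL fails rather
 * than reuse a file someone else placed at the path; fstat() confirms what
 * the kernel applied (mode & ~umask). Returns an fd, or -1 with errno set. */
int create_private_file(const char *path, mode_t mode)
{
    struct stat st;
    if (mode & UNSAFE_BITS) { errno = EINVAL; return -1; }
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, mode);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || (st.st_mode & UNSAFE_BITS)) {
        close(fd); unlink(path); errno = EPERM; return -1;
    }
    return fd;
}

/* Check 1: permission bits actually applied to a file created with 0600
 * under umask 022, in a fresh directory under /tmp (constructed path).
 * Returns the bits, or -1 on error; the expected value is 0600. */
int applied_mode_for_0600(void)
{
    char dir[] = "/tmp/openmode_XXXXXX", path[64]; struct stat st; int bits = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/f", dir);
    mode_t old = umask(022);
    int fd = create_private_file(path, 0600);
    umask(old);
    if (fd >= 0 && fstat(fd, &st) == 0) bits = (int)(st.st_mode & 07777);
    if (fd >= 0) close(fd);
    unlink(path); rmdir(dir);
    return bits;
}

/* Check 2: a 4777 request is refused with EINVAL before any file exists. */
int rejects_4777(void)
{
    int fd = create_private_file("/tmp/openmode_never_created", 04777);
    return fd < 0 && errno == EINVAL;
}
```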
