locking: prevent a symlink attack by not opening an existing lock file
If in between the unlink() in delete_lockfile() and the fopen() in
write_lockfile() some other process creates a symlink in the place
of the lock file, then the fopen() could unexpectedly overwite a
root-owned file (when the user is root).
This basically reverts the previous commit, b4299f4f
, but makes the
code a bit conciser.
master
parent
b4299f4f4e
commit
10800ee410
12
src/files.c
12
src/files.c
|
@ -129,6 +129,7 @@ bool write_lockfile(const char *lockfilename, const char *filename, bool modifie
|
||||||
struct passwd *mypwuid = getpwuid(myuid);
|
struct passwd *mypwuid = getpwuid(myuid);
|
||||||
char myhostname[32];
|
char myhostname[32];
|
||||||
struct stat fileinfo;
|
struct stat fileinfo;
|
||||||
|
int fd;
|
||||||
FILE *filestream;
|
FILE *filestream;
|
||||||
char *lockdata;
|
char *lockdata;
|
||||||
size_t wroteamt;
|
size_t wroteamt;
|
||||||
|
@ -150,12 +151,17 @@ bool write_lockfile(const char *lockfilename, const char *filename, bool modifie
|
||||||
if (!delete_lockfile(lockfilename))
|
if (!delete_lockfile(lockfilename))
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
/* Create lock file (or truncate existing one) and open it for writing. */
|
/* Create the lockfile -- do not accept an existing one. */
|
||||||
filestream = fopen(lockfilename, "wb");
|
fd = open(lockfilename, O_WRONLY|O_CREAT|O_EXCL, RW_FOR_ALL);
|
||||||
|
|
||||||
if (filestream == NULL) {
|
if (fd > 0)
|
||||||
|
filestream = fdopen(fd, "wb");
|
||||||
|
|
||||||
|
if (fd < 0 || filestream == NULL) {
|
||||||
statusline(MILD, _("Error writing lock file %s: %s"),
|
statusline(MILD, _("Error writing lock file %s: %s"),
|
||||||
lockfilename, strerror(errno));
|
lockfilename, strerror(errno));
|
||||||
|
if (fd > 0)
|
||||||
|
close(fd);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue