[Opendnssec-user] svn r6114

Bernhard Reutner-Fischer rep.dot.nop at gmail.com
Thu Feb 2 12:22:19 UTC 2012

On 2 February 2012 10:25, Matthijs Mekking <matthijs at nlnetlabs.nl> wrote:
> Hash: SHA1
> Hi Bernhard,
> mkstemp returns a file descriptor (int), while for printing the zone,
> I expect a stream (FILE*). What symlink problems do you expect?

It seems that the signer will usually not run with higher privileges,
but still, avoiding potential symlink attacks is always a good thing.
The zonefile-name is known, let's say i make a symlink called
/the/zone-name.tmp to /etc/nologin (won't do much harm unless the signer
runs as root but will prevent the signer to work), /dev/log, some socket that
is under my control, etc. You get the idea.

As to the FILE*:

#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
int main(void) {
        char template[] = "/var/tmp/or_var_lib_ods_tmp.DELME.12321.XXXXXX";
        int fd = mkstemp(template);
        /* for some very good reason(?) i absolutely must use buffered I/O ..*/
        FILE *file = fdopen(fd, "w");
        if (file == NULL) {
                printf("ERROR: %s", strerror(errno));
        fprintf(file, "something\n");
        chmod(template, 0640);
        rename(template, "/tmp/done");

> I agree that logging problems with rename() would be useful, I will
> apply your patch.

Great, thanks!

More information about the Opendnssec-user mailing list