[Opendnssec-user] svn r6114
Bernhard Reutner-Fischer
rep.dot.nop at gmail.com
Thu Feb 2 12:22:19 UTC 2012
On 2 February 2012 10:25, Matthijs Mekking <matthijs at nlnetlabs.nl> wrote:
> Hi Bernhard,
>
> mkstemp returns a file descriptor (int), while for printing the zone,
> I expect a stream (FILE*). What symlink problems do you expect?
It seems that the signer will usually not run with higher privileges,
but still, avoiding potential symlink attacks is always a good thing.
The zonefile-name is known, let's say I make a symlink called
/the/zone-name.tmp to /etc/nologin (won't do much harm unless the signer
runs as root but will prevent the signer from working), /dev/log, some socket that
is under my control, etc. You get the idea.
As to the FILE*:
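#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

int main(void) {
    char template[] = "/var/tmp/or_var_lib_ods_tmp.DELME.12321.XXXXXX";
    /* mkstemp() creates and opens a uniquely named file exclusively */
    int fd = mkstemp(template);
    if (fd == -1) {
        printf("ERROR: %s\n", strerror(errno));
        exit(EXIT_FAILURE);
    }
    /* for some very good reason(?) i absolutely must use buffered I/O ..*/
    FILE *file = fdopen(fd, "w");
    if (file == NULL) {
        printf("ERROR: %s\n", strerror(errno));
        close(fd);
        unlink(template);
        exit(EXIT_FAILURE);
    }
    fprintf(file, "something\n");
    fclose(file);
    chmod(template, 0640);
    /* report a failed rename() and do not leave the temporary file behind */
    if (rename(template, "/tmp/done") != 0) {
        printf("ERROR: %s\n", strerror(errno));
        unlink(template);
        exit(EXIT_FAILURE);
    }
    exit(EXIT_SUCCESS);
}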
>
> I agree that logging problems with rename() would be useful, I will
> apply your patch.
Great, thanks!
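
Added example, not part of the original thread and not OpenDNSSEC code: the symlink scenario discussed above, run against a predictable `<zone>.tmp` name and against a `mkstemp()` + `fdopen()` writer. The helper names, the `/tmp/ods_demo.*` scratch directory and the sample record are constructed for illustration.

```c
#define _XOPEN_SOURCE 700   /* expose mkstemp, mkdtemp, fdopen, symlink, fchmod */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical helper: write data to dest through a mkstemp() file created
 * next to it, then rename() into place. Returns 0 on success, -1 on failure. */
int write_atomic(const char *dest, const char *data) {
    char tmpl[512];
    if (snprintf(tmpl, sizeof tmpl, "%s.XXXXXX", dest) >= (int)sizeof tmpl) return -1;
    int fd = mkstemp(tmpl);        /* exclusive create, mode 0600, unpredictable name */
    if (fd == -1) return -1;
    FILE *fp = fdopen(fd, "w");    /* buffered FILE* on top of the descriptor */
    if (fp == NULL) { close(fd); unlink(tmpl); return -1; }
    int ok = fputs(data, fp) != EOF && fflush(fp) == 0 && fchmod(fd, 0640) == 0;
    if (fclose(fp) != 0 || !ok || rename(tmpl, dest) != 0) { unlink(tmpl); return -1; }
    return 0;
}

/* Naive variant: fopen() on the predictable "<dest>.tmp" name follows symlinks. */
int write_predictable(const char *dest, const char *data) {
    char tmp[512];
    snprintf(tmp, sizeof tmp, "%s.tmp", dest);
    FILE *fp = fopen(tmp, "w");
    if (fp == NULL) return -1;
    int ok = fputs(data, fp) != EOF;
    if (fclose(fp) != 0) ok = 0;
    return (ok && rename(tmp, dest) == 0) ? 0 : -1;
}

/* Constructed scenario: "<zone>.tmp" is a symlink to a victim file. Returns 1 if
 * the victim still holds "keep" after the write, 0 if not, -1 on setup error. */
int victim_survives(int (*writer)(const char *, const char *)) {
    char dir[] = "/tmp/ods_demo.XXXXXX", zone[64], lnk[64], victim[64], buf[16] = "";
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(zone, sizeof zone, "%s/zone", dir);
    snprintf(lnk, sizeof lnk, "%s/zone.tmp", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    FILE *fp = fopen(victim, "w");
    if (fp == NULL || fputs("keep", fp) == EOF || fclose(fp) != 0) return -1;
    if (symlink(victim, lnk) != 0) return -1;
    writer(zone, "example. 3600 IN A 192.0.2.1\n");
    fp = fopen(victim, "r");
    if (fp != NULL) { if (fgets(buf, sizeof buf, fp) == NULL) buf[0] = '\0'; fclose(fp); }
    unlink(zone); unlink(lnk); unlink(victim); rmdir(dir);
    return strcmp(buf, "keep") == 0;
}
```

`victim_survives(write_predictable)` reports the victim overwritten, while `victim_survives(write_atomic)` reports it intact, because the `mkstemp()` file never shares a name with the planted link.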