Re: [PATCH] O_DIRECTORY|O_CREAT handling

From: Andrew Pimlott
Date: Sun Dec 28 2003 - 13:19:05 EST

Next message: viro: "Re: [PATCH] O_DIRECTORY|O_CREAT handling"
Previous message: dan: "Blank Screen in 2.6.0"
Next in thread: viro: "Re: [PATCH] O_DIRECTORY|O_CREAT handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Dec 21, 2003 at 11:51:10AM +0100, Willy Tarreau wrote:
> base_dir="/tmp/tmpdir";
> do {
> rnd=random();
> sprintf(dir, "%s%d", base_dir, rnd);
> } while (!mkdir(dir, 0700);
> /* now I'm guaranteed that I'm the first to get this dir, */
> /* and only my UID can work in it */
> chdir(dir);
>
> So the only race would be someone working with the same UID (or root) removing
> the directory and replacing it with another one (or a symlink or anything)
> between mkdir() and chdir().

If /tmp isn't sticky, anyone can do this. I think this is the
scenario Ulrich was referring to.

Andrew
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: viro: "Re: [PATCH] O_DIRECTORY|O_CREAT handling"
Previous message: dan: "Blank Screen in 2.6.0"
Next in thread: viro: "Re: [PATCH] O_DIRECTORY|O_CREAT handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]