Zsh Mailing List Archive
Re: O_EXCL (was: How about MODDIR being configure'able?)
- X-seq: zsh-workers 16062
- From: Clint Adams <clint@xxxxxxx>
- To: Wayne Davison <wayned@xxxxxxxxxxxxxxxxxxxxx>
- Subject: Re: O_EXCL (was: How about MODDIR being configure'able?)
- Date: Tue, 16 Oct 2001 00:12:04 -0400
- Cc: zsh-workers@xxxxxxxxxx
- In-reply-to: <Pine.LNX.4.21.0110152016290.4502-100000@xxxxxxxxxxxxxx>; from wayned@xxxxxxxxxxxxxxxxxxxxx on Mon, Oct 15, 2001 at 08:42:50PM -0700
- Mailing-list: contact zsh-workers-help@xxxxxxxxxx; run by ezmlm
- References: <20011015134107.A17772@xxxxxxxx> <Pine.LNX.4.21.0110152016290.4502-100000@xxxxxxxxxxxxxx>
> symlink" exploit. The code that creates a file based on the return of
> mktemp() is all using O_EXCL, so we're OK.
Not entirely, though I can't imagine anyone attempting
malicious acts upon someone's zftp session.
Index: Src/Modules/zftp.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/Modules/zftp.c,v
retrieving revision 1.20
diff -u -r1.20 zftp.c
--- Src/Modules/zftp.c 2001/09/28 17:35:45 1.20
+++ Src/Modules/zftp.c 2001/10/16 04:06:41
@@ -1918,7 +1918,7 @@
*/
if (zfstatfd == -1) {
fname = gettempname();
- zfstatfd = open(fname, O_RDWR|O_CREAT, 0600);
+ zfstatfd = open(fname, O_RDWR|O_CREAT|O_EXCL, 0600);
DPUTS(zfstatfd == -1, "zfstatfd not created");
#if defined(F_SETFD) && defined(FD_CLOEXEC)
/* If the shell execs a program, we don't want this fd left open. */
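Review bot: with O_EXCL added to the open() of fname, the call now fails with EEXIST whenever the name returned by gettempname() already exists, and the only handling visible in this hunk is the DPUTS(zfstatfd == -1, ...) message, so a pre-existing file or symlink leaves zfstatfd at -1 going into the F_SETFD block. Suggest testing zfstatfd for -1 right after the open() and either retrying with a fresh gettempname() or skipping the status-file setup, since DPUTS reports the failure but does not handle it.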
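An added example (not part of the original message or the zsh source) showing what the flag in the patch changes when a symlink already sits at the temporary name: without O_EXCL the link is followed, with it open() fails with EEXIST. The scratch directory, file names and function names are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` with `flags`; report errno and whether `target` now exists. */
static int target_created(const char *path, const char *target,
                          int flags, int *err)
{
    struct stat st;
    int fd = open(path, flags, 0600);

    *err = (fd == -1) ? errno : 0;
    if (fd != -1)
        close(fd);
    return stat(target, &st) == 0;
}

/* Constructed scenario: a dangling symlink already sits at the temp name.
 * Returns 0 on success and fills in what each open() variant did. */
int symlink_demo(int *plain_hit, int *excl_hit, int *excl_errno)
{
    char dir[] = "/tmp/oexcl-demo-XXXXXX";   /* constructed scratch dir */
    char name[64], target[64];
    int err;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(name, sizeof name, "%s/status", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, name) == -1)
        return -1;
    /* With O_EXCL: open() fails with EEXIST and the target stays absent. */
    *excl_hit = target_created(name, target, O_RDWR | O_CREAT | O_EXCL, excl_errno);
    /* Without O_EXCL: the link is followed and the target gets created. */
    *plain_hit = target_created(name, target, O_RDWR | O_CREAT, &err);
    unlink(target);
    unlink(name);
    rmdir(dir);
    return 0;
}

int main(void)
{
    int plain, excl, e;
    if (symlink_demo(&plain, &excl, &e) != 0)
        return 1;
    printf("plain created=%d, excl created=%d errno=%d\n", plain, excl, e);
    return 0;
}
```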