[Toybox] [landley/toybox] install -d -o USER -g GROUP DEST doesn't set uid/gid (#105)

Rob Landley rob at landley.net
Sun Nov 18 13:33:11 PST 2018


On 11/17/18 8:22 PM, scsijon wrote:
>>
> 
> Aren't they part of stat?
> 
> I believe openbsd have a getfsuid(), though not sure how good it is.

Yeah, I could open(O_NOFOLLOW) the file, confirm it's a directory, fstat(),
fchown() with the same filehandle, and close(). It's just 3 times longer than
what I'm doing and still _feels_ racy. :(

The problem is mkdir/mknod don't return a filehandle to the newly created inode,
so there's a race condition between creating the entry and then doing something
else to it later. (That's why I'm using lchown(), so if somebody drops a symlink
the chown() doesn't follow it.)

The nice thing about checking attributes on the _process_ is I don't have to
worry about things changing in the world-visible filesystem between two
non-atomic operations in a way I didn't anticipate. (I can't immediately think
how this is exploitable, but my instincts are to not allow gaps where things can
be fiddled with where somebody cleverer than me thinks of something I didn't.
Read/gap-where-it-can-change/write is a race condition. Sometimes unavoidable,
but never something to be happy about in a general system tool running from
scripts.)

Rob


