>You run your program, but I have created a symlink in /tmp with the
>same name (because the name is guessable).
I run my program, it opens the file. The program will either open
the file in a way that *ensures* a genuine new file is created,
or the next step will be testing wether I got a genuine file
or some hackish symlink.
Seems to me the former can be achieved by using O_NOFOLLOW.
The latter can be achieved by running fstat against the opened file,
and closing the file if it turns out to be a symlink.
The program may then give up or retry with some other filename.
Putting this logic in every program may be time-consuming. If so,
consider putting it in a shared library.
Even 32-bit random pids won't save sloppy programming. I can create,
say, 2 million links in /tmp. Then I have a 1 to 1000 chance of
catching the programs that think the pid is a safe filename. How often
do I get the chance? Every boot? Every time some kind of connection
comes in?
Helge Hafting
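
The open-then-verify logic discussed in this message, as an added example in C that is not part of the original post: it combines O_NOFOLLOW with O_CREAT|O_EXCL, checks the opened descriptor with fstat, and retries under an unpredictable name. The function names, the "tmp-" prefix and the retry count are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open path only if this call creates it. With O_CREAT|O_EXCL, open() fails
 * with EEXIST if the name exists, even as a dangling symlink; O_NOFOLLOW is a
 * second guard. Returns an fd, or -1 with errno set. */
int open_fresh(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Post-open check on the descriptor: regular file, ours, one name. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Give up or retry: up to 16 names with 64 random bits from /dev/urandom.
 * The "tmp-" prefix and retry count are choices made for this example. */
int open_fresh_retry(const char *dir, char *out, size_t outlen)
{
    for (int attempt = 0; attempt < 16; attempt++) {
        unsigned long long r;
        int fd, rnd = open("/dev/urandom", O_RDONLY);
        if (rnd < 0)
            return -1;
        ssize_t n = read(rnd, &r, sizeof r);
        close(rnd);
        if (n != (ssize_t)sizeof r ||
            snprintf(out, outlen, "%s/tmp-%016llx", dir, r) >= (int)outlen)
            return -1;
        fd = open_fresh(out);
        if (fd >= 0 || errno != EEXIST)
            return fd;
    }
    return -1;
}
```

Putting these two functions in a shared library gives every caller the same behaviour: a pre-planted name is refused with EEXIST instead of being written through.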
This archive was generated by hypermail 2b29 : Sat Jan 15 2000 - 21:00:23 EST