Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: O_EXCL (was: How about MODDIR being configure'able?)



> symlink" exploit.  The code that creates a file based on the return of
> mktemp() is all using O_EXCL, so we're OK.

Not entirely, though I can't imagine anyone attempting
malicious acts upon someone's zftp session.

Index: Src/Modules/zftp.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/Modules/zftp.c,v
retrieving revision 1.20
diff -u -r1.20 zftp.c
--- Src/Modules/zftp.c	2001/09/28 17:35:45	1.20
+++ Src/Modules/zftp.c	2001/10/16 04:06:41
@@ -1918,7 +1918,7 @@
      */
     if (zfstatfd == -1) {
 	fname = gettempname();
-	zfstatfd = open(fname, O_RDWR|O_CREAT, 0600);
+	zfstatfd = open(fname, O_RDWR|O_CREAT|O_EXCL, 0600);
 	DPUTS(zfstatfd == -1, "zfstatfd not created");
 #if defined(F_SETFD) && defined(FD_CLOEXEC)
 	/* If the shell execs a program, we don't want this fd left open. */
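Review bot: the failure path of the changed open() call is still handled only by the DPUTS diagnostic on the next line, and O_EXCL makes that path reachable whenever the name returned by gettempname() already exists (open() then fails with EEXIST instead of reusing the file). That is the intended refusal, but zfstatfd stays -1 and nothing visible in this hunk stops execution from continuing into the F_SETFD/FD_CLOEXEC block. Suggest checking zfstatfd == -1 explicitly after the open(): either retry with a fresh gettempname() when errno is EEXIST, or report the error and return, so the status file is never silently missing.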


