svn commit: r243328 - head/lib/libutil
Eitan Adler
eadler at freebsd.org
Tue Nov 20 15:59:44 UTC 2012
On 20 November 2012 08:38, Baptiste Daroussin <bapt at freebsd.org> wrote:
> On Tue, Nov 20, 2012 at 02:22:26PM +0200, Jaakko Heinonen wrote:
>>
>> Hi!
>>
>> On 2012-11-20, Baptiste Daroussin wrote:
>> > change mode the group file to 0644 after a successfull rename(2)
>> >
>> > int
>> > gr_mkdb(void)
>> > {
>> > - return (rename(tempname, group_file));
>> > + int ret;
>> > +
>> > + ret = rename(tempname, group_file);
>> > +
>> > + if (ret == 0)
>> > + chmod(group_file, 0644);
>> > +
>> > + return (ret);
>> > }
>>
>> Rename+chmod is not an atomic operation. There is a window when the file
>> has wrong permissions. Also, you don't check the return value of
>> chmod(). Maybe chmod first and then rename?
>>
>> --
>> Jaakko
>
> Does this looks better to you?
> http://people.freebsd.org/~bapt/gr_util.diff
This makes more sense.
--
Eitan Adler
Source, Ports, Doc committer
Bugmeister, Ports Security teams
More information about the svn-src-head
mailing list