On Thu, Mar 13, 2003 at 02:46:10PM +0100, Lenz Grimmer wrote:
> > > @@ -241,6 +242,16 @@
> > > {
> > > strmov(name,config_file);
> > > }
> > > + fn_format(name,name,"","",4);
> > > +#if !defined(__WIN__) && !defined(OS2)
> > > + {
> > > + MY_STAT stat_info;
> > > + if (!my_stat(name,&stat_info,MYF(MY_WME)))
> > > + return 0;
> > > + if (stat_info.st_mode & S_IWOTH) /* ignore world-writeable files
> */
> > > + return 0;
> > > + }
> > > +#endif
> > > if (!(fp = my_fopen(fn_format(name,name,"","",4),O_RDONLY,MYF(0))))
> > > return 0; /* Ignore wrong files */
> > >
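Review bot: the added my_stat(name, ...) check and the my_fopen(...) that follows it each resolve the path by name, so the file whose st_mode is tested is not guaranteed to be the file that is then opened. Open the file first and test st_mode on the opened file (the my_fopen/my_fstat form), so that check and use refer to the same object. Two smaller points in the same block: my_stat() is called with MYF(MY_WME) while my_fopen() uses MYF(0) under a comment saying wrong files are ignored, so a missing optional file may now produce an error message; and name already goes through fn_format() on the first added line, which makes the second fn_format() inside the my_fopen() call redundant.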
> >
> > I'd recommend replacing this construction with my_fopen/my_fstat if at
> > all possible.
>
> I had to read up about this acronym first :)
>
> Anyway, even though the current patch indeed allows one to change the file
> permissions between time of check and time of use, it's a hypothetical
> issue. Only the file owner can change the permissions! A malicious user
> would need to be the owner of that file, before he could do that.
Btw, check for file ownership is also missing.
I've added
  if (!getuid() && stat_info.st_uid) /* for root, ignore files owned by non-root */
    return 0;
> So I am not sure, if we would gain anything here by using
You'll get a bit more secure code. :)
--
ldv
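The open-then-fstat ordering recommended in this thread, as an added example that is not part of the original message or of MySQL's code. It uses plain POSIX open()/fstat() in place of my_fopen/my_fstat; the names open_trusted_config and accepts_mode, the regular-file check and the /tmp path are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not MySQL code: open first, then check the opened file. */
FILE *open_trusted_config(const char *path)
{
    struct stat st;
    FILE *fp;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return NULL;                          /* missing file: ignore it */
    if (fstat(fd, &st) != 0 ||                /* describes fd, not the name */
        !S_ISREG(st.st_mode) ||               /* extra check, not in the thread */
        (st.st_mode & S_IWOTH) ||             /* ignore world-writable files */
        (getuid() == 0 && st.st_uid != 0)) {  /* root ignores non-root files */
        close(fd);
        return NULL;
    }
    if (!(fp = fdopen(fd, "r")))
        close(fd);
    return fp;
}

/* Constructed input: temp file with the given mode; 1 accepted, 0 rejected, -1 setup failed. */
int accepts_mode(mode_t mode)
{
    char path[] = "/tmp/cnf_check_XXXXXX";
    int fd = mkstemp(path);
    FILE *fp;
    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) != 0) { close(fd); unlink(path); return -1; }
    close(fd);
    fp = open_trusted_config(path);
    unlink(path);
    if (!fp)
        return 0;
    fclose(fp);
    return 1;
}

int main(void)
{
    printf("0644: %d  0666: %d\n", accepts_mode(0644), accepts_mode(0666));
    return 0;
}
```

Because the mode and owner are read from the descriptor that is later wrapped in the stream, a permission change or file swap between the check and the read cannot make the two disagree.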