c1584502dec8ae19dfd89c6e598cc7648dfd78a6 |
|
14-Oct-2015 |
Petr Cech <pcech@redhat.com> |
TESTS: Restrictive permissions in check_and_open
Check and open tests try to write into and read from created files.
There is no reason to have executable permission, so this patch
replaces SSS_DFL_X_UMASK with DFL_UMASK permissions.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
55a0f220ba8b35d7ea8e47ad19babdb05dd2bbe9 |
|
06-Apr-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Protect against check-and-open race conditions
There is a small window between running lstat() on a filename and
opening it where it's possible for the file to have been modified.
We were protecting against this by saving the stat data from the
original file and verifying that it was the same file (by device
and inode) when we opened it again, but this is an imperfect
solution, as it is still possible for an attacker to modify the
permissions during this window.
It is much better to simply open the file and test on the active
file descriptor.
Resolves https://fedorahosted.org/sssd/ticket/425 incidentally, as
without the initial lstat, we are implicitly accepting symlinks
and only verifying the target file. |