Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

From: Dirk Engling <erdgeist@xxxxxxxxxxxx>
Date: Tue, 16 Jan 2007 03:17:10 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Colin Percival wrote:

No. `cp -f` unlinks the existing file and creates a new file, but will
still follow a symlink if one is created between the "unlink" syscall and
the "open" syscall.

/* remove existing destination file name,
* create a new file */
(void)unlink(to.p_path);
if (!lflag)
to_fd = open(to.p_path, O_WRONLY | O_TRUNC | O_CREAT,
fs->st_mode & ~(S_ISUID | S_ISGID));

You are right. Atomically in binary is not atomical enough.

mv in its rename()-form will do the job, so we need to create a file in
. by mktemp and mv it to the real name when filled.

Regards

erdgeist
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFFrDWmImmQdUyYEgkRAgSgAJ0c5mcaM4LByBUE0LC1Iqdj8ZFSAACdF9qM
fFETX4I+Fvue0u+343bBG8c=
=MkSh
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Follow-Ups:
- Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
  - From: Bruce Evans

References:
- FreeBSD Security Advisory FreeBSD-SA-07:01.jail
  - From: FreeBSD Security Advisories
- HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
  - From: Colin Percival
- Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
  - From: Pawel Jakub Dawidek
- Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
  - From: Dirk Engling
- Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
  - From: Pawel Jakub Dawidek
- Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
  - From: Dirk Engling
- Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
  - From: Pawel Jakub Dawidek
- Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
  - From: Dirk Engling
- Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
  - From: Colin Percival

Prev by Date: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
Next by Date: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
Previous by thread: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
Next by thread: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
Index(es):
- Date
- Thread

Relevant Pages

Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
... the "open" syscall. ... forced unlink() followed by an open. ... copying to move across file systems and there is no way to control this. ... Changing the target to a symlink to a directory on a different file ...
(FreeBSD-Security)
Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
... the "open" syscall. ... It only creates the temporary file if the target doesn't already exists, ... forced unlink() followed by an open. ... target file can be a symlink and openby default follows symlinks. ...
(FreeBSD-Security)
Re: chown mistake with symlinks
... > want with a symlink. ... I don't have an AIX box at hand to check. ... This depends on the lchown() syscall. ...
(comp.unix.aix)
kern___getcwd() returns ENOTDIR
... At every syscall I need a full name of file is being passed to a syscall. ... with / I get current working directory of process using kern___getcwd. ... Sometimes in unlink and everytime in rmdir it returns "not a directory" error. ...
(freebsd-hackers)
Re: kern___getcwd() returns ENOTDIR
... +>> I'm writng a smal kernel module that catches file access syscalls. ... +>> At every syscall I need a full name of file is being passed to a syscall. ... +>> Sometimes in unlink and everytime in rmdir it returns "not a directory" error. ...
(freebsd-hackers)