Re: Uploaded devscripts 2.0.0 (source all) to master

To: Martin Bialasinski <martin@internet-treff.uni-koeln.de>
Cc: Debian Developerslist <debian-devel@lists.debian.org>
Subject: Re: Uploaded devscripts 2.0.0 (source all) to master
From: Joey Hess <joey@kitenet.net>
Date: Thu, 7 Jan 1999 15:43:49 -0800
Message-id: <[🔎] 19990107154349.C31787@kitenet.net>
Mail-followup-to: Martin Bialasinski <martin@internet-treff.uni-koeln.de>, Debian Developerslist <debian-devel@lists.debian.org>
In-reply-to: <[🔎] m0zyOlW-0003mNC@haitech.martin.home>; from Martin Bialasinski on Fri, Jan 08, 1999 at 12:22:58AM +0100
References: <[🔎] m0zyN4S-000InqC@polya> <[🔎] 874sq2iurz.fsf@nocrew.org> <[🔎] m0zyO9E-0003kCC@haitech.martin.home> <[🔎] 19990107180736.F15267@it.larc.nasa.gov> <[🔎] m0zyOlW-0003mNC@haitech.martin.home>

Martin Bialasinski wrote:
> With touch you mean the create? With the pseudocode creat, I mean
> something like (here in Perl): open OUT, ">def" or die "security
> violation";
> 
> Still a problem ?

Yes.

> But we are talking about a user running this script. If he has created 
> the file, noone else can remove it (if he hasn't the permission to do
> so). And if one can do this, then permissions on /tmp are broken and
> this is another story. 

The point is that a normal open command doesn't necessarily create a file.
If the file exists and is a symlink, it follows the symlink and opens the
file. You have to use the O_CREAT and O_EXCL flags to open(2) to be safe.

-- 
see shy jo

Reply to:

Follow-Ups:
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: martin@internet-treff.uni-koeln.de (Martin Bialasinski)

References:
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: jdg@maths.qmw.ac.uk (Julian Gilbey)
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: James Troup <james@nocrew.org>
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: martin@internet-treff.uni-koeln.de (Martin Bialasinski)
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: Ben Collins <bmc@it.larc.nasa.gov>
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: martin@internet-treff.uni-koeln.de (Martin Bialasinski)

Prev by Date: Re: Uploaded devscripts 2.0.0 (source all) to master
Next by Date: Re: Replacing fdisk by cfdisk?
Previous by thread: Re: Uploaded devscripts 2.0.0 (source all) to master
Next by thread: Re: Uploaded devscripts 2.0.0 (source all) to master
Index(es):
- Date
- Thread