Re: [gamin] Re: gamin library



On Wed, Jul 28, 2004 at 01:21:27PM +0200, y9toi7y02 sneakemail com wrote:
> On Tue, 27 Jul 2004, Daniel Veillard veillard-at-redhat.com |nautilus| wrote:
> ...
> >   That's not clear to me. The path is only used for a connect() call at the
> > library level in gamin_connect_unix_socket() this should not destroy data
> > in any way.
> >   On the server side the code does the following in gam_listen_unix_socket:
> >     if (stat(path, &st) == 0 && S_ISSOCK(st.st_mode)) {
> >       ...
> >       ret = unlink(path);
> >
> > so I believe the current code would not override or modify a symlink.
> > At worst the given /tmp/fam-<username>- link or resource would get removed
> > but certainly not overridden since man 2 unlink states
> >
> >    "If the name referred to a symbolic link the link is removed."
> >
> > I don't see a path for data loss so far.
> This is a classic race condition so the check is useless. Nothing
> prevents an attacker from recreating the link after you remove it, but
> before you open it (or only creating it after you check).

  I deactivated compilation if abstract sockets are not available
as a temporary solution until I get the right fix,

  thanks,

Daniel

-- 
Daniel Veillard      | Red Hat Desktop team http://redhat.com/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
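
Added example, not part of the original message and not gamin's code or its eventual fix: one common way to close the check-then-use window discussed in this thread is to put the socket inside a directory that only the calling user can write to, so nobody else can plant a link between the unlink() and the bind(). The helper name and the directory layout are hypothetical, and the sketch assumes the parent of the directory is either owned by the caller or has the sticky bit set (as /tmp normally does).

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper (not gamin code): listen on dir/name, where dir must be
 * a directory only the calling user can access. Returns the fd, or -1. */
int listen_private_socket(const char *dir, const char *name)
{
    struct sockaddr_un addr;
    struct stat st;
    int fd;

    /* mkdir() never follows a symlink at the final component. EEXIST is
     * acceptable only if the existing object passes the checks below. */
    if (mkdir(dir, 0700) < 0 && errno != EEXIST)
        return -1;
    /* lstat(), not stat(): a symlink planted at dir must be rejected. */
    if (lstat(dir, &st) < 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0)
        return -1;

    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    if (snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s", dir, name)
        >= (int)sizeof(addr.sun_path))
        return -1;

    /* Inside a 0700 directory we own, no other user can recreate the name
     * between this unlink() and bind(), so removing a stale socket is safe. */
    if (unlink(addr.sun_path) < 0 && errno != ENOENT)
        return -1;
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    /* bind() fails with EADDRINUSE if anything exists at the path;
     * it never follows or overwrites an existing file or link. */
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(fd, 5) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```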


