Buggy Advice from Adam
So in the “Code Review Guidelines” which I wrote a long time back, I quote a bit of code by Peter Gutmann on how to open a file securely. Last week, Ilja van Sprundel got in touch with me and said that the lstat/open/fstat chain is insecure: the check compares the inode numbers returned by lstat and fstat, but an attacker who can create and delete enough files can get a fresh file assigned the inode number a deleted one had, so the comparison passes even though a different file was opened. He pointed to an Olaf Kirch bugtraq post [link to http://www.security-express.com/archives/bugtraq/2000-01/0012.html no longer works].
Bad advice lifetime, seven years:
Revision 1.10 1999/06/01 19:25:49 adam added open comments from Peter
Although, really, I shouldn’t say bad. I should add “What should the programmer do?”
ctime will have changed between lstat and fstat – that’s your sign something is wrong.
O_NOFOLLOW was meant for this too
and of course no one can ever change ctime ….
O_NOFOLLOW isn’t good enough either; the point is that there’s still a race. There can in fact be a totally different normal file, and O_NOFOLLOW will still follow directory symlinks, btw.
The point is that the whole lstat/open/fstat chain is flawed and simply cannot prevent the file from being a different file, no matter how hard you try.