-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
stat() files before open()ing them. This should help with issues such…
… as opening /dev/watchdog (#745)
- Loading branch information
Showing
1 changed file
with
9 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 comment
on commit 8639866
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doesn't the stat information test before open be more stringent?
Reading the stat(2) :
The following mask values are defined for the file type of the st_mode field:
S_IFMT 0170000 bit mask for the file type bit field
S_IFSOCK 0140000 socket
S_IFLNK 0120000 symbolic link
S_IFREG 0100000 regular file
S_IFBLK 0060000 block device
S_IFDIR 0040000 directory
S_IFCHR 0020000 character device
S_IFIFO 0010000 FIFO
Thus, to test for a regular file (for example), one could write:
stat(pathname, &sb);
if ((sb.st_mode & S_IFMT) == S_IFREG) {
/* Handle regular file */
}
How much paranoid does your program need to be?
There may be a case for testing the stat of the file before AND the fstat after opening, to prevent TOCTOU issues.
The use case given is a hostile environment where files can be changed by the attacker after you a check the stat of the file name and before you open (e.g. a quick substitute of a link for a regular file).