[AD] pack_fdopen
A new patch from Annie, to fix a security problem.
Warning: I'm not a security specialist, some parts of or all the following
paragraph may be bogus.
For security reasons, the creation of a temp file must be atomic (or a race
condition can occur). It is therefore not secure to create a file with
mkstemp, close it and open it again. (As far as I understand the issue) The file
descriptor returned by mkstemp must be converted to a PACKFILE. Thus I've
written a pack_fdopen function. This function is used in pack_fopen_chunk, but
also in pack_fopen (which does very few things, now). Also, closing a file to
reopen it in read mode can create insecure race conditions, therefore I've
changed the pack_fclose_chunk too (with the strange effect that, now,
pack_fclose can set errno to EMFILE...).
pack_fdopen is similar to fdopen, but it is not able to convert a file that
has been partially read or written (the file offset must be 0).
The patch I've made uses the functions:
. lseek (sys/types.h, unistd.h), conforming to SVr4, POSIX, BSD 4.3
. dup (unistd.h), conforming to SVr4, SVID, POSIX, X/OPEN, BSD 4.3
** Do these functions exist under Mac/Win/Dos/etc. ?
Last, I've made some code reorganization.
To apply the patch:
cd allegro
patch -p1 < fdopen.diff
--
annie
--
Vincent Penquerc'h
Attachment:
fdopen.diff
Description: Binary data
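
An added example, not taken from fdopen.diff or from Allegro: the descriptor-based pattern the message describes, shown with stdio's FILE and fdopen in place of PACKFILE and pack_fdopen. The function name temp_roundtrip, the /tmp path template and the early unlink are assumptions made for this sketch.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp, fdopen, dup */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Write `len` bytes to a fresh temp file, then read them back into `out`,
 * never opening the file by name after mkstemp() created it.
 * Returns the number of bytes read, or -1 on error (errno is set). */
long temp_roundtrip(const char *data, size_t len, char *out, size_t outlen)
{
    char path[] = "/tmp/chunk_XXXXXX";   /* constructed template (assumption) */
    int fd = mkstemp(path);              /* atomic create-and-open, O_RDWR */
    if (fd < 0)
        return -1;
    unlink(path);                        /* example's choice: the fd keeps the file alive */

    /* Write stage: wrap a duplicate so fclose() leaves `fd` open.
     * dup() is the call that can fail with EMFILE. */
    int wfd = dup(fd);
    if (wfd < 0) { close(fd); return -1; }
    FILE *w = fdopen(wfd, "wb");
    if (!w) { close(wfd); close(fd); return -1; }
    size_t put = fwrite(data, 1, len, w);
    if (fclose(w) != 0 || put != len) { close(fd); return -1; }

    /* Read stage: same open file, rewound to offset 0; no reopen by name. */
    if (lseek(fd, 0, SEEK_SET) == (off_t)-1) { close(fd); return -1; }
    FILE *r = fdopen(fd, "rb");
    if (!r) { close(fd); return -1; }
    size_t got = fread(out, 1, outlen, r);
    fclose(r);                           /* also closes fd */
    return (long)got;
}

int main(void)
{
    char buf[64] = {0};
    long n = temp_roundtrip("chunk payload", 13, buf, sizeof buf - 1);
    printf("%ld bytes: %s\n", n, buf);
    return n == 13 ? 0 : 1;
}
```

Because the read stage reuses the descriptor that mkstemp returned, nothing that happens to the path name between the write and the read can change which file is read.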