[AD] pack_fdopen




A new patch from Annie, to fix a security problem.


  Warning: I'm not a security specialist, some parts of or all the following
paragraph may be bogus.

  For security reasons, the creation of a temp file must be atomic (or a race
condition can occur).  It is therefore not secure to create a file with
mkstemp, close it and open it again.  (As far as I understand the issue) The file
descriptor returned by mkstemp must be converted to a PACKFILE.  Thus I've
written a pack_fdopen function.  This function is used in pack_fopen_chunk, but
also in pack_fopen (which does very few things, now).  Also, closing a file to
reopen it in read mode can create insecure race conditions, therefore I've
changed the pack_fclose_chunk too (with the strange effect that, now,
pack_fclose can set errno to EMFILE...).

  pack_fdopen is similar to fdopen, but it is not able to convert a file that
has been partially read or written (the file offset must be 0).

  The patch I've made uses the functions:
 . lseek (sys/types.h, unistd.h), conforming to SVr4, POSIX, BSD 4.3
 . dup (unistd.h), conforming to SVr4, SVID, POSIX, X/OPEN, BSD 4.3
** Do these functions exist under Mac/Win/Dos/etc.?

  Last, I've made some code reorganization.

To apply the patch:
cd allegro
patch -p1 < fdopen.diff

--
annie

--
Vincent Penquerc'h

 

Attachment: fdopen.diff
Description: Binary data
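
The pattern the message describes, as an added example that is not part of the original mail or of the attached patch: a temp file is created with mkstemp, written, then read back through a dup'ed descriptor rewound with lseek, so the path is never opened a second time. It uses stdio's FILE in place of PACKFILE; wrap_fd_at_start and temp_roundtrip are hypothetical names, and the way dup is used here is an assumption about how a write-to-read switch can be done.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical stand-in for pack_fdopen: wrap an fd only if its offset is 0. */
static FILE *wrap_fd_at_start(int fd, const char *mode)
{
    if (lseek(fd, 0, SEEK_CUR) != 0) {  /* partly read/written, or unseekable */
        errno = EINVAL;
        return NULL;
    }
    return fdopen(fd, mode);
}

/* Write data to a new temp file and read it back through the same open file;
 * the path is never opened a second time. Returns bytes read, or -1. */
static long temp_roundtrip(const char *data, char *out, size_t outsz)
{
    char path[] = "/tmp/fdopen_demo_XXXXXX";  /* constructed template */
    int fd = mkstemp(path);  /* atomic create-and-open (O_CREAT|O_EXCL) */
    if (fd < 0) return -1;
    unlink(path);  /* assumption: the demo needs no name once it holds the fd */

    FILE *w = wrap_fd_at_start(fd, "w");
    if (w == NULL) { close(fd); return -1; }

    int rfd = dup(fd);  /* second handle survives fclose(w); can fail: EMFILE */
    int bad = (fputs(data, w) == EOF);
    bad |= (fclose(w) != 0);  /* flushes the data, then closes fd */
    if (rfd < 0) return -1;
    if (bad || lseek(rfd, 0, SEEK_SET) != 0) {  /* rewind the shared offset */
        close(rfd);
        return -1;
    }
    FILE *r = wrap_fd_at_start(rfd, "r");
    if (r == NULL) { close(rfd); return -1; }
    size_t n = fread(out, 1, outsz - 1, r);
    out[n] = '\0';
    fclose(r);
    return (long)n;
}

int main(void)
{
    char buf[32];
    return temp_roundtrip("chunk data", buf, sizeof buf) == 10 ? 0 : 1;
}
```

The dup call is where an EMFILE failure can surface during the switch from writing to reading, which matches the side effect the message mentions for pack_fclose.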


