Mail Archives: cygwin/2005/12/22/10:14:11
CVS coreutils now uses <sys/fcntl.h>'s O_NOFOLLOW, when
available, to avoid a data race when changing directories while
avoiding symlinks (necessary for some traversal algorithms). Normally,
calling lstat() to prove something is a directory, followed by chdir(),
is a security risk, since lstat() could see a directory, then the attacker
replaces the directory with a symlink, so that the program then
changes to the wrong directory. But on platforms like newer Linux
where O_NOFOLLOW causes open() to fail when opening symlinks,
the sequence open(), fstat(), fchdir(), close() avoids the race
by proving that the target is still a directory and has not been
replaced by a symlink at the last minute.
It seems like it might be easy to add an O_NOFOLLOW flag to
cygwin (perhaps post-1.5.19), especially since you recently added
O_*SYNC and O_DIRECT. But I don't have copyright papers
in place, so for now this is just a feature request that you are
free to ignore, until someone provides an actual patch.
--
Eric Blake
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -