X-Spam-Check-By: sourceware.org
Message-ID: <46CF0C0B.9030703@byu.net>
Date: Fri, 24 Aug 2007 10:49:15 -0600
From: Eric Blake <ebb9 AT byu DOT net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070728 Thunderbird/2.0.0.6 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: cygwin1.dll bug in open(O_EXCL)
References: <46CEDC45 DOT 7070704 AT byu DOT net> <20070824145630 DOT GT23854 AT calimero DOT vinschen DOT de>
In-Reply-To: <20070824145630.GT23854@calimero.vinschen.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to Corinna Vinschen on 8/24/2007 8:56 AM:
>> According to POSIX, this should have failed with EEXIST, and oops should
>> not have been created.
> 
> If I understand this right, it means that O_EXCL implies not following
> symlinks.  I've applied a matching patch to CVS.  Please give it a try.

Looks like that got it.  Once cygwin 1.7.0 comes out, I will revert my
hack to tar-1.18-2 (I had to add a non-atomic lstat prior to the
open(O_CREAT|O_EXCL) to check for the existence of symlinks; it fixes the
original bug in tar behavior, but adds an alternate bug in the form of a
small race window where a malicious symlink could be injected between the
lstat and open).

As a side effect of your change, open("broken_symlink", O_RDWR|O_EXCL) now
fails with EACCES instead of ENOENT, but since POSIX leaves O_EXCL without
O_CREAT as undefined behavior, I'm not too worried (I checked this case,
because your patch made it so that the code path actually defers to
fhandler::open on a symlink, whereas before it did not; I don't care what
the error is, as long as it is not possible to grab an fd on a raw
unfollowed symlink).

- --
Don't work too hard, make some time for fun as well!

Eric Blake             ebb9 AT byu DOT net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGzwwL84KuGfSFAYARAjCwAJ0XBU+ecbz0qxDvfYdaUUMKXDb9WgCgxOTJ
zTlqEIjiHLySVQ04A9GFe2M=
=nHLp
-----END PGP SIGNATURE-----

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/