Hi Laban,
Am Samstag, 16. Februar 2008 17:20:59 schrieb Lmwangi:
> Started hunting for warnings to fix based on their severity,
> flawfinder -S -m 5 gives me an TOCTTOU alert for chmod'ing of the sockets:
> openvas-libraries/libopenvas/bpf_share.c:368
> ./openvas-libnasl/nasl/nasl_server.c:92
> Done abit of research and it seems like fchmod on sockets ends up in
> undefined behaviour..
> http://www.opengroup.org/onlinepubs/009695399/functions/fchmod.html
>
> http://72.14.205.104/search?q=cache:eIrjutZ5XAgJ:www.cs.helsinki.fi/linux/l
>inux-kernel/Year-1999/1999-03/0942.html+Under+Linux+2.1.130,+fchmod+and&hl=e
>n&ct=clnk&cd=1
> http://linux.derkeiler.com/Mailing-Lists/Kernel/2004-11/0188.html Confirmed
> this with a small program that attempts to fchmod a socket descriptor..
> Nothing works..
> Should we disregard the warning from flawfinder? Any ideas for a
> workaround?
I've tried to undestand the problem and potential solutions but failed.
I guess this needs more investigation or a more clever mind ;-)
So, perhaps best to postpone this issue and first resolve the others.
Maybe some bright idea comes to one of us.
Best
Jan
_______________________________________________
Openvas-devel mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel