On 2008 Nov 23, at 18:35, dpuu wrote:
On Nov 23, 2:33 pm, [EMAIL PROTECTED] (Aristotle Pagaltzis) wrote:
The API you propose does not seem to me to shorten code at all
and is likely to lead to problematic code, so it seems like a
bad idea. Interfaces should be designed to encourage people to
do things correctly and to make it hard to even think about the
nearly certainly wrong way.

I'm going to both agree and disagree. I agree that the specific
example of &chown.is_restricted is a bad idea, but only because the
POSIX API I was wrapping is itself flawed. In general I would continue

I think you're seeing something other than what we are. Checking any external resource before operating on it introduces a race condition which can allow an attacker to swap resources on you, so the item you (in this case) chown() isn't the one you tested. (In this case, if you're chown()ing to root, an attacker might substitute a shell for the file you tested.)

--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] [EMAIL PROTECTED]
system administrator [openafs,heimdal,too many hats] [EMAIL PROTECTED]
electrical and computer engineering, carnegie mellon university    KF8NH
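To make the check-then-act race concrete, here is an added example (not code from this thread, and not Perl 6) showing the POSIX pattern Brandon describes beside the descriptor-based fix: the racy version tests a path name and then chown()s the name, while the safe version opens the name once with O_NOFOLLOW and does both the test and the fchown() on the resulting descriptor. The self-check function, its scratch directory under /tmp, and all names here are my own constructions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern the thread warns about: test the name, then act on the name.
 * Between lstat() and chown() the name can be rebound, so chown() may act on
 * (or follow a symlink to) an object that was never inspected. */
int racy_chown(const char *path, uid_t uid, gid_t gid) {
    struct stat st;
    if (lstat(path, &st) == -1) return -1;
    if (!S_ISREG(st.st_mode)) { errno = EINVAL; return -1; }
    return chown(path, uid, gid);   /* race window between the two calls */
}

/* Mitigation: bind the name to a descriptor once, refusing symlinks, then
 * inspect and modify that descriptor; fchown() acts on the object opened. */
int safe_chown(const char *path, uid_t uid, gid_t gid) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd == -1) return -1;              /* a symlink fails here with ELOOP */
    struct stat st;
    int rc = -1;
    if (fstat(fd, &st) == 0) {
        if (S_ISREG(st.st_mode)) rc = fchown(fd, uid, gid);
        else errno = EINVAL;
    }
    int saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Self-check in a scratch directory (constructed, assumes writable /tmp):
 * 1 if safe_chown() refuses a symlink and succeeds on the caller's own file. */
int safe_chown_selfcheck(void) {
    char dir[] = "/tmp/chownXXXXXX", target[80], link[80];
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1 || symlink(target, link) == -1) return 0;
    close(fd);
    int refused = safe_chown(link, getuid(), getgid()) == -1 && errno == ELOOP;
    int accepted = safe_chown(target, getuid(), getgid()) == 0;
    unlink(link); unlink(target); rmdir(dir);
    return refused && accepted;
}
```

The same idea applies to any check-then-use sequence on a path: do the checks with fstat() on the descriptor you will actually operate on, not with stat() on a name the directory owner can rebind.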