Bug#982519: zstd: Race condition allows attacker to access world-readable destination file
On Thu, 18 Feb 2021, Salvatore Bonaccorso wrote: > On Thu, Feb 11, 2021 at 08:33:58AM +0100, Sebastien Delafond wrote: > > The recently applied patch still creates the file with the default > > umask[0], before chmod'ing down to 0600, so an attacker could still open > > it in the meantime. > > FTR, this has been fixed upstream. > > https://github.com/facebook/zstd/commit/a774c5797399040af62db21d8a9b9769e005430e | Note that a downside of this solution is that it is global: `umask()` affects | all file creation calls in the process. I believe this is safe since | […] thread […] Why don’t you use a nōn-global solution then? Instead of fopen(…) do an open(…, 0600) followed by fdopen(). bye, //mirabilos -- Sometimes they [people] care too much: pretty printers [and syntax highligh- ting, d.A.] mechanically produce pretty output that accentuates irrelevant detail in the program, which is as sensible as putting all the prepositions in English text in bold font. -- Rob Pike in "Notes on Programming in C"
Bug#982519: zstd: Race condition allows attacker to access world-readable destination file
On Thu, Feb 11, 2021 at 08:33:58AM +0100, Sebastien Delafond wrote: > Package: zstd > Version: 1.4.8+dfsg-1 > Severity: grave > Tags: security > X-Debbugs-Cc: t...@security.debian.org > > The recently applied patch still creates the file with the default > umask[0], before chmod'ing down to 0600, so an attacker could still open > it in the meantime. FTR, this has been fixed upstream. https://github.com/facebook/zstd/commit/a774c5797399040af62db21d8a9b9769e005430e Regards, Salvatore
Bug#982519: zstd: Race condition allows attacker to access world-readable destination file
Package: zstd Version: 1.4.8+dfsg-1 Severity: grave Tags: security X-Debbugs-Cc: t...@security.debian.org The recently applied patch still creates the file with the default umask[0], before chmod'ing down to 0600, so an attacker could still open it in the meantime. Cheers, -- Seb [0] https://github.com/facebook/zstd/blob/dev/programs/fileio.c#L682
