Re: [Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-16 Thread David Sommerseth
On 16/04/10 14:59, Fabian Knittel wrote: > Hi David, > > David Sommerseth wrote: > (BTW, I thought creat() took a flags parameter, but it only takes a mode > param. My mistake. So you're correct in wanting to use open() instead of > creat().) > > To

Re: [Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-16 Thread Fabian Knittel
Hi David, David Sommerseth wrote: > On 16/04/10 11:35, Gert Doering wrote: >> Hi, > >> On Fri, Apr 16, 2010 at 11:16:32AM +0200, David Sommerseth wrote: >>> I'll look more into this, as the only advantage is that if open() with >>> O_EXCL|O_CREAT fails if the file exists, it should be used instea

Re: [Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-16 Thread Gert Doering
Hi, On Fri, Apr 16, 2010 at 11:02:34AM +0100, Davide Brini wrote: > > Unfortunately, this won't help against symlink attacks directed to > > non-existent files (like "-> /etc/nologin"). > > "If O_EXCL and O_CREAT are set, and path names a symbolic link, open() shall > fail and set errno to [EEXI

Re: [Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-16 Thread David Sommerseth
On 16/04/10 11:35, Gert Doering wrote: > Hi, > > On Fri, Apr 16, 2010 at 11:16:32AM +0200, David Sommerseth wrote: >> I'll look more into this, as the only advantage is that if open() with >> O_EXCL|O_CREAT fails if the file exists, it should be used

Re: [Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-16 Thread Davide Brini
On Friday 16 Apr 2010 10:35:54 Gert Doering wrote: > On Fri, Apr 16, 2010 at 11:16:32AM +0200, David Sommerseth wrote: > > I'll look more into this, as the only advantage is that if open() with > > O_EXCL|O_CREAT fails if the file exists, it should be used instead. > > Unfortunately, this won't h

Re: [Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-16 Thread Gert Doering
Hi, On Fri, Apr 16, 2010 at 11:16:32AM +0200, David Sommerseth wrote: > I'll look more into this, as the only advantage is that if open() with > O_EXCL|O_CREAT fails if the file exists, it should be used instead. Unfortunately, this won't help against symlink attacks directed to non-existent file

Re: [Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-16 Thread David Sommerseth
On 16/04/10 10:50, David Sommerseth wrote: > On 16/04/10 10:08, Fabian Knittel wrote: >> Hi David, > >> David Sommerseth wrote: >>> As promised in the meeting today, a patch for hardening >>> create_temp_filename(). > >> Great! :) > >>> I've added

Re: [Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-16 Thread David Sommerseth
On 16/04/10 10:08, Fabian Knittel wrote: > Hi David, > > David Sommerseth wrote: >> As promised in the meeting today, a patch for hardening >> create_temp_filename(). > > Great! :) > >> I've added more checks to what create_temp_filename() returns

Re: [Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-16 Thread Fabian Knittel
Hi David, David Sommerseth wrote: > As promised in the meeting today, a patch for hardening > create_temp_filename(). Great! :) > I've added more checks to what create_temp_filename() returns where it > is called in addition, to make it even safer. > + do { > uint8_t rndbytes[16]; >

[Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-15 Thread David Sommerseth
Hi James, As promised in the meeting today, a patch for hardening create_temp_filename(). I've added more checks to what create_temp_filename() returns where it is called in addition, to make it even safer. Please let me know what you think. If yo