On 11/17/18 8:22 PM, scsijon wrote:
> Aren't they part of stat?
>
> I believe openbsd have a getfsuid(), though not sure how good it is.

Yeah, I could open(O_NOFOLLOW) the file, confirm it's a directory, fstat(), fchown() with the same filehandle, and close(). It's just 3 times longer than what I'm doing and still _feels_ racy. :(

The problem is mkdir/mknod don't return a filehandle to the newly created inode, so there's a race condition between creating the entry and then doing something else to it later. (That's why I'm using lchown(), so if somebody drops a symlink the chown() doesn't follow it.)

The nice thing about checking attributes on the _process_ is I don't have to worry about things changing in the world-visible filesystem between two non-atomic operations in a way I didn't anticipate.

(I can't immediately think how this is exploitable, but my instincts are to not allow gaps where things can be fiddled with where somebody cleverer than me thinks of something I didn't. Read/gap-where-it-can-change/write is a race condition. Sometimes unavoidable, but never something to be happy about in a general system tool running from scripts.)

Rob
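
The descriptor-based sequence described in the message above (open without following links, confirm it is a directory, fchown() on the same descriptor), as an added example that is not part of the original message and not toybox code. The helper names `chown_dir_nofollow` and `mkdir_owned` and the `/tmp` path are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_DIRECTORY, O_NOFOLLOW, O_CLOEXEC, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not toybox code. Returns 0 on success, -1 on error. */
int chown_dir_nofollow(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int fd, rc = -1, saved;

    /* O_NOFOLLOW refuses a symlink as the last path component; O_DIRECTORY
     * rejects non-directories without blocking on something like a FIFO. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;

    /* Both the check and the change now act on the inode behind fd,
     * whatever the name is made to point at afterwards. */
    if (fstat(fd, &st) == 0) {
        if (S_ISDIR(st.st_mode)) rc = fchown(fd, uid, gid);
        else errno = ENOTDIR;
    }
    saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* mkdir() returns no descriptor, so the name can still be replaced between
 * the two calls; the fd step keeps the chown from landing on a link target. */
int mkdir_owned(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
    if (mkdir(path, mode) != 0) return -1;
    return chown_dir_nofollow(path, uid, gid);
}

int main(void)
{
    char base[] = "/tmp/mkdir_owned.XXXXXX", path[64]; /* constructed paths */
    if (!mkdtemp(base)) return 1;
    snprintf(path, sizeof path, "%s/new", base);
    printf("mkdir_owned -> %d\n", mkdir_owned(path, 0700, geteuid(), getegid()));
    return 0;
}
```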
