> [symlink-paranoia code]
> However, consider an average setuid root application, [...]. When
> the application reaches the critical section of code between the
> lstat and the open, you stop it by sending it a SIGSTOP.
If you can send it a SIGSTOP, either you're running as root (in which
case you don't *need* to play with symlink races), the application is
running as you (in which case breaking it buys you nothing), or signal
delivery is critically broken.
In fact, I suspect that any process you can SIGSTOP, you can attach to
with ptrace and do whatever you want without need for subtrefuge.
> --for instance a lookup of /tmp/foo (as done by lstat()) will
> change the directory's atime.
"That turns out not to be the case." Or at least, you can't count on
it:
[Sparkle] 115> ls -ldu /tmp
drwxrwxrwt 24 root 2560 Jan 2 21:15 /tmp
[Sparkle] 116> date
Mon Jan 3 23:15:27 EST 2000
[Sparkle] 117> ls -ld /tmp/foobar
/tmp/foobar not found
[Sparkle] 118> ls -ldu /tmp
drwxrwxrwt 24 root 2560 Jan 2 21:15 /tmp
[Sparkle] 119>
der Mouse
mouse_at_rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Received on Jan 04 2000
Intro
