oss-sec mailing list archives
Re: Re: [LightDM] Version 1.0.6 released
From: Yves-Alexis Perez <corsac () debian org>
Date: Tue, 22 Nov 2011 22:39:03 +0100
On ven., 2011-11-11 at 13:27 -0500, Marc Deslauriers wrote:
On Fri, 2011-11-11 at 10:05 +0000, John Haxby wrote:On 11/11/11 08:06, Guido Berhoerster wrote:Replacing the file between the lstat and the open would change its inode and then be caught by the check before the fchown, no?Nope. There is no reason why the same inode should not be reused. On ext4 (btrfs seems to be different): $ touch test; ls -i test; rm test; touch test; ls -i test 656078 test 656078 test jchHow about the attached patch? Marc.
Note that O_NOFOLLOW seems to be Linux-only. Any idea how to handle it on other ports? Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 09)
- Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 10)
- Re: Re: [LightDM] Version 1.0.6 released Robert Ancell (Nov 10)
- Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 11)
- Re: Re: [LightDM] Version 1.0.6 released John Haxby (Nov 11)
- Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 11)
- Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 22)
- Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 22)
- Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 22)
- Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)