oss-sec mailing list archives
Re: Re: [LightDM] Version 1.0.6 released
From: Guido Berhoerster <gber () opensuse org>
Date: Tue, 22 Nov 2011 23:51:36 +0100
* Yves-Alexis Perez <corsac () debian org> [2011-11-22 22:39]:
On ven., 2011-11-11 at 13:27 -0500, Marc Deslauriers wrote:On Fri, 2011-11-11 at 10:05 +0000, John Haxby wrote:On 11/11/11 08:06, Guido Berhoerster wrote:Replacing the file between the lstat and the open would change its inode and then be caught by the check before the fchown, no?Nope. There is no reason why the same inode should not be reused. On ext4 (btrfs seems to be different): $ touch test; ls -i test; rm test; touch test; ls -i test 656078 test 656078 test jchHow about the attached patch? Marc.Note that O_NOFOLLOW seems to be Linux-only. Any idea how to handle it on other ports?
No, it's specified in POSIX.1-2008, at least Linux, FreeBSD and Solaris 10 implemented it long before that. -- Guido Berhoerster
Current thread:
- Re: Re: [LightDM] Version 1.0.6 released, (continued)
- Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 09)
- Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 10)
- Re: Re: [LightDM] Version 1.0.6 released Robert Ancell (Nov 10)
- Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 11)
- Re: Re: [LightDM] Version 1.0.6 released John Haxby (Nov 11)
- Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 11)
- Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 22)
- Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 22)
- Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 22)
- Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)