thread pool helpers
tridge at samba.org
Fri May 1 06:05:26 GMT 2009
Hi Jerry,

> fd = open()
> secdesc = GetSecurityDescriptor(fd)
> if (!RtlAccessCheck(token, secdesc)) {
>     close(fd)
> }
> SaveFdToFileHandle(fd)
>
> Do you agree?

yep, for opens that don't imply O_CREAT this can work, unless the
system has a device driver installed that takes an undesirable action
on open() on a device inode. That would be pretty unusual.

You can also use O_NOFOLLOW to reduce the chance of this problem
happening on systems that support it.

> The create/overwrite is a little trickier. I'll have
> to think about an answer for those cases more.

One method that would beat the symlink race condition is this:

1) break the path into directory and name components, then always
chdir() to the directory first. After the chdir, check you ended up
where you expected to.

2) once in the directory, try the open with O_NOFOLLOW. If that works
or if the open fails with something other than -1/ELOOP then you're
done.

3) use readlink() to resolve the link and check that you like the
destination of the link according to directory/file access controls,
then goto 2. Make sure you have a maximum loop count.

So basically you never do an open() without O_NOFOLLOW, and resolve
the symlinks in userspace.

> Ahh...I thought this was considered a bug and disabled in
> newer kernels. Sounds like I need to go back and read
> up some more.

maybe some kernels do - it would be worth having a runtime check for
this :-)

Cheers, Tridge
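
The three-step method from the message above, written out in C as an added example (not part of the original post and not Samba code). The names `open_nofollow_resolved`, `under_share_root`, `share_root` and `MAX_LINKS` are hypothetical, the access check is a stand-in prefix test, and the code assumes the Linux behaviour where `open()` with `O_NOFOLLOW` on a symlink fails with `ELOOP`.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAX_LINKS 8                         /* assumed loop cap */
char share_root[PATH_MAX] = "/srv/share";   /* constructed demo value */

/* Hypothetical stand-in for the server's access check on a link destination. */
int under_share_root(const char *resolved)
{
    size_t n = strlen(share_root);
    return strncmp(resolved, share_root, n) == 0 && resolved[n] == '/';
}

/* path must be absolute with a canonical directory part; the process cwd is
 * changed. Returns an fd, or -1 with errno set. */
int open_nofollow_resolved(const char *path, int flags, mode_t mode,
                           int (*allowed)(const char *resolved))
{
    char cur[PATH_MAX], dir[PATH_MAX], cwd[PATH_MAX], target[PATH_MAX];
    int len = snprintf(cur, sizeof(cur), "%s", path);
    for (int i = 0; i < MAX_LINKS && len < (int)sizeof(cur); i++) {
        /* 1) split into directory and name, chdir, confirm where we landed */
        char *slash = strrchr(cur, '/');
        if (cur[0] != '/' || slash[1] == '\0') { errno = EINVAL; return -1; }
        snprintf(dir, sizeof(dir), "%.*s", slash == cur ? 1 : (int)(slash - cur), cur);
        if (chdir(dir) != 0 || getcwd(cwd, sizeof(cwd)) == NULL) return -1;
        if (strcmp(cwd, dir) != 0) { errno = EACCES; return -1; }
        /* 2) never open without O_NOFOLLOW; ELOOP (Linux) means "symlink" */
        int fd = open(slash + 1, flags | O_NOFOLLOW, mode);
        if (fd >= 0 || errno != ELOOP) return fd;
        /* 3) resolve the link in userspace, vet the destination, go to 2 */
        ssize_t n = readlink(slash + 1, target, sizeof(target) - 1);
        if (n < 0) return -1;
        target[n] = '\0';
        len = (target[0] == '/') ? snprintf(cur, sizeof(cur), "%s", target)
                                 : snprintf(cur, sizeof(cur), "%s/%s", dir, target);
        if (len < (int)sizeof(cur) && !allowed(cur)) { errno = EACCES; return -1; }
    }
    errno = (len >= (int)sizeof(cur)) ? ENAMETOOLONG : ELOOP;
    return -1;
}
```

A link target containing `..` can pass the prefix test in step 3, but it is refused on the next pass because the `getcwd()` comparison in step 1 no longer matches.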
More information about the samba-technical mailing list