ucm: fix TOCTOU race condition

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



alsa-project/alsa-lib pull request #367 was opened from szsam:

Separately checking the state of a file before operating on it may allow an attacker to modify the file between the two operations. Fix by calling readlink first. If that fails, then path should not be a symbolic link and we call open() followed by fstat(). open() with O_NOFOLLOW will return an error if the file is a symlink.

Request URL   : https://github.com/alsa-project/alsa-lib/pull/367
Patch URL     : https://github.com/alsa-project/alsa-lib/pull/367.patch
Repository URL: https://github.com/alsa-project/alsa-lib



[Index of Archives]     [ALSA User]     [Linux Audio Users]     [Pulse Audio]     [Kernel Archive]     [Asterisk PBX]     [Photo Sharing]     [Linux Sound]     [Video 4 Linux]     [Gimp]     [Yosemite News]

  Powered by Linux