Hi,
> > diff --git a/libudev/libudev-util-private.c b/libudev/libudev-util-private.c
> > index 3641b36..28008c5 100644
> > --- a/libudev/libudev-util-private.c
> > +++ b/libudev/libudev-util-private.c
> > @@ -102,6 +102,10 @@ int util_unlink_secure(struct udev *udev, const char *filename)
> > {
> > int retval;
> >
> > + retval = chmod(filename, 0000);
> > + if (retval)
> > + err(udev, "chmod(%s, 0000) failed: %m\n", filename);
> > +
> > retval = chown(filename, 0, 0);
> > if (retval)
> > err(udev, "chown(%s, 0, 0) failed: %m\n", filename);
>
> We need only one chmod() here. I changed the order.
no, you need both. In the case that the device belonged to non-root before,
the owner could do a chmod() in between the chmod() and chown() and thus
retain privileges on the device node.
Florian
--
To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
