Date: Fri, 27 Dec 1996 00:30:01 -0800 (PST) From: J Wunsch <j@uriah.heep.sax.de> To: freebsd-bugs Subject: Re: bin/2291: Race condition in pw_lock (vipw, chpass, etc....) Message-ID: <199612270830.AAA10070@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/2291; it has been noted by GNATS.
From: J Wunsch <j@uriah.heep.sax.de>
To: dillon@backplane.com
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/2291: Race condition in pw_lock (vipw, chpass, etc....)
Date: Fri, 27 Dec 1996 09:20:55 +0100 (MET)
As Matthew Dillon wrote:
> /*
> * If the master password file doesn't exist, the system is hosed.
> * Might as well try to build one. Set the close-on-exec bit so
> * that users can't get at the encrypted passwords while editing.
> * Open should allow flock'ing the file; see 4.4BSD. XXX
^^^^^^^^^^
> */
> lockfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0);
> if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1)
> err(1, "%s", _PATH_MASTERPASSWD);
> if (flock(lockfd, LOCK_EX|LOCK_NB))
> errx(1, "the password db file is busy");
> return (lockfd);
> }
>
> There is a race condition between the open() call and the flock()
> call whereby one program may get access to the master.passwd file,
> The fix is simple.
Why not using the O_EXLOCK flag in open(2)?
--
cheers, J"org
joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612270830.AAA10070>