From: Dirk Engling
Date: Tue, 16 Jan 2007 03:17:10 +0100
To: Colin Percival
Cc: freebsd-security@freebsd.org, Pawel Jakub Dawidek
Subject: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

Colin Percival wrote:
> No. `cp -f` unlinks the existing file and creates a new file, but will
> still follow a symlink if one is created between the "unlink" syscall and
> the "open" syscall.
>
>         /* remove existing destination file name,
>          * create a new file */
>         (void)unlink(to.p_path);
>         if (!lflag)
>                 to_fd = open(to.p_path, O_WRONLY | O_TRUNC | O_CREAT,
>                     fs->st_mode & ~(S_ISUID | S_ISGID));

You are right. Atomically in binary is not atomical enough. mv in its
rename()-form will do the job, so we need to create a file in . by
mktemp and mv it to the real name when filled.

Regards

erdgeist
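
The mktemp-then-rename() approach settled on in this message, written out in C as an added example; it is not part of the original mail or of FreeBSD's code. The function name `atomic_replace` and the `.tmp.XXXXXX` template are assumptions made for illustration.

```c
/* Added example: replace a file without ever open()ing the destination name. */
#define _POSIX_C_SOURCE 200809L
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: write buf to a mkstemp() file next to `path`,
 * then rename() it over `path`. Returns 0 on success, -1 on error. */
int atomic_replace(const char *path, const void *buf, size_t len, mode_t mode)
{
    char dirbuf[PATH_MAX], tmp[PATH_MAX];
    const char *p = buf;
    int fd;

    /* dirname() may modify its argument, so work on a copy. */
    if (strlen(path) >= sizeof(dirbuf))
        return -1;
    strcpy(dirbuf, path);
    if (snprintf(tmp, sizeof(tmp), "%s/.tmp.XXXXXX", dirname(dirbuf)) >= (int)sizeof(tmp))
        return -1;

    /* mkstemp() opens with O_CREAT|O_EXCL: it fails rather than follow
     * a symlink planted at the temporary name. */
    if ((fd = mkstemp(tmp)) == -1)
        return -1;

    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n <= 0) goto fail;
        p += n; len -= (size_t)n;
    }
    /* Same masking as the quoted cp code: drop setuid/setgid bits. */
    if (fchmod(fd, mode & ~(S_ISUID | S_ISGID)) == -1 || fsync(fd) == -1)
        goto fail;
    if (close(fd) == -1) { fd = -1; goto fail; }
    fd = -1;
    /* rename() replaces the directory entry itself; a symlink sitting
     * at `path` is overwritten, never followed. */
    if (rename(tmp, path) == 0)
        return 0;
fail:
    if (fd != -1) close(fd);
    unlink(tmp);
    return -1;
}
```

rename() protects only the final path component: symlinks in the parent directories of `path` are still resolved normally, so the directory itself must be one the writer trusts or has already entered safely.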