Date: Wed, 29 May 1996 17:44:29 -0600 (MDT)
From: Dave Andersen <angio@aros.net>
To: terry@lambert.org (Terry Lambert)
Cc: jfieber@indiana.edu, rhh@ct.picker.com, p.richards@elsevier.co.uk, freebsd-questions@freebsd.org
Subject: Re: Er... how long
Message-ID: <199605292344.RAA12179@terra.aros.net>
In-Reply-To: <199605291809.LAA13861@phaeton.artisoft.com> from "Terry Lambert" at May 29, 96 11:09:53 am
Lo and behold, Terry Lambert once said:
> What race condition do you believe exists such that this will
> happen?
The same race condition which allows the setgid version of filter to be
used to read anyone's email. :-)
When filter handles your file, it creates a temp file in /tmp. It
then closes this file, and passes the filename to other functions for
handling. The other functions open up the file, do their stuff, close
the file, and hand the filename off to still further functions.
You get the drift. There are several points during this when the
file can be modified between filter functions. My guess is that there's
a decent chance that, on a slow system with a lot of email activity,
you'll eventually run into a conflict. That's just a guess based on
some hacking of the source.
Incidentally, if anyone wants it, I rewrote filter to not pass
filenames around but instead to use its brain and pass file descriptors
like a good little program should. I did it primarily to fix the
security hole -- the linux version runs setgid -- but it also has the
advantage of not having the same race conditions, saves a couple file
opens and closes, etc.
-Dave Andersen
--
angio@aros.net Complete virtual hosting and business-oriented
system administration Internet services. (WWW, FTP, email)
http://www.aros.net/ http://www.aros.net/about/virtual
"There are only two industries that refer to their customers as 'users'."
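The descriptor-passing design described above, as an added example that is not the filter source or Dave's rewrite: the temp file is created with mkstemp(), its name is unlinked immediately, and every later stage works on the open descriptor (checked with fstat(), never re-opened by path), so there is no window in /tmp between stages. Function and template names here are illustrative.

```c
/* Added example: pass a temp-file descriptor through pipeline stages instead
 * of a /tmp filename, so no other process can swap the file between them.
 * Names (open_private_temp, stage_*, the /tmp/filter.XXXXXX template) are
 * illustrative, not from filter itself. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* mkstemp() creates and opens the file O_EXCL in one step; unlinking the
 * name right away leaves the descriptor as the only handle to it. */
static int open_private_temp(void) {
    char path[] = "/tmp/filter.XXXXXX";   /* template; mkstemp fills the Xs */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (unlink(path) < 0) { close(fd); return -1; }
    return fd;
}

/* Stage 1 writes the message through the descriptor it was handed. */
static int stage_write(int fd, const char *msg) {
    size_t len = strlen(msg);
    return write(fd, msg, len) == (ssize_t)len ? 0 : -1;
}

/* Stage 2 reads the same open file back and never touches a pathname.
 * fstat() on the fd (not stat() on a name) confirms it is still a plain,
 * unlinked regular file before its contents are trusted. */
static ssize_t stage_read(int fd, char *buf, size_t cap) {
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_nlink != 0)
        return -1;
    if (lseek(fd, 0, SEEK_SET) < 0) return -1;
    ssize_t n = read(fd, buf, cap - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    return n;
}

/* Run both stages on one descriptor; returns the byte count stage 2 read. */
ssize_t filter_pipeline(const char *msg, char *out, size_t cap) {
    int fd = open_private_temp();
    if (fd < 0) return -1;
    ssize_t n = stage_write(fd, msg) == 0 ? stage_read(fd, out, cap) : -1;
    close(fd);
    return n;
}
```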
