This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

O_NOFOLLOW and safer chdir

CVS coreutils now uses <sys/fcntl.h>'s O_NOFOLLOW, when
available, to avoid a data race when changing directories while
avoiding symlinks (necessary for some traversal algorithms).  Normally,
calling lstat() to prove something is a directory, followed by chdir(),
is a security risk, since lstat() could see a directory, then the attacker
replaces the directory with a symlink, so that the program then
changes to the wrong directory.  But on platforms like newer Linux
where O_NOFOLLOW causes open() to fail when opening symlinks,
the sequence open(), fstat(), fchdir(), close() avoids the race
by proving that the target is still a directory and has not been
replaced by a symlink at the last minute.

It seems like it might be easy to add an O_NOFOLLOW flag to
cygwin (perhaps post-1.5.19), especially since you recently added
O_*SYNC and O_DIRECT.  But I don't have copyright papers
in place, so for now this is just a feature request that you are
free to ignore, until someone provides an actual patch.

Eric Blake

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]