|
| From: | siddhesh at sourceware dot org |
| Subject: | [Bug binutils/26945] Unsafe chown+chmod in smart_rename, possibly elsewhere |
| Date: | Thu, 03 Dec 2020 14:49:37 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=26945 --- Comment #14 from Siddhesh Poyarekar <siddhesh at sourceware dot org> --- I've posted a patch series on the list[1][2][3][4] that should resolve this. In summary, smart_rename now takes an FD for the file to rename and a struct describing the ownership and timestamps to fix up. Both are derived by callers from the BFDs that were either read from or written and hence should be safe for smart_rename to use in fixing up permissions using fchown/fchmod. The mkstemp returned FD is also now used instead of being closed and reopened. There are a number of other cases where reusing the stat buffer or file descriptors might just be quicker but I've avoided touching those for now since they are not directly related to this specific fix. [1] https://sourceware.org/pipermail/binutils/2020-December/114390.html [2] https://sourceware.org/pipermail/binutils/2020-December/114391.html [3] https://sourceware.org/pipermail/binutils/2020-December/114392.html [4] https://sourceware.org/pipermail/binutils/2020-December/114393.html -- You are receiving this mail because: You are on the CC list for the bug.
| [Prev in Thread] | Current Thread | [Next in Thread] |