diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 2012-06-18 00:33:48 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2012-06-18 00:33:48 +0000 |
commit | a7e024bf8cce2ccb754d7ecef9c9bebf4a8e7c5b (patch) | |
tree | 3c767f3c9ce5e9646cec713670d6cfe55d664b20 | |
parent | e3572ee10b9c76e407a985734e97e791fce50ba5 (diff) |
Fix potential symlink race condition in "rm -P" by adding a check
that the file we have opened is the one we expected. Also open in
non-blocking mode to avoid a potential hang with FIFOs. Reported
by Radoslaw A. Zarzynski. Fix adapted from NetBSD. OK guenther@
-rw-r--r-- | bin/rm/rm.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/bin/rm/rm.c b/bin/rm/rm.c index 10a6404fb1e..5d6b46622a1 100644 --- a/bin/rm/rm.c +++ b/bin/rm/rm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rm.c,v 1.23 2009/10/27 23:59:22 deraadt Exp $ */ +/* $OpenBSD: rm.c,v 1.24 2012/06/18 00:33:47 millert Exp $ */ /* $NetBSD: rm.c,v 1.19 1995/09/07 06:48:50 jtc Exp $ */ /*- @@ -270,7 +270,7 @@ rm_file(char **argv) int rm_overwrite(char *file, struct stat *sbp) { - struct stat sb; + struct stat sb, sb2; struct statfs fsb; size_t bsize; int fd; @@ -289,8 +289,15 @@ rm_overwrite(char *file, struct stat *sbp) file, sbp->st_ino); return (0); } - if ((fd = open(file, O_WRONLY, 0)) == -1) + if ((fd = open(file, O_WRONLY|O_NONBLOCK|O_NOFOLLOW, 0)) == -1) + goto err; + if (fstat(fd, &sb2)) goto err; + if (sb2.st_dev != sbp->st_dev || sb2.st_ino != sbp->st_ino || + !S_ISREG(sb2.st_mode)) { + errno = EPERM; + goto err; + } if (fstatfs(fd, &fsb) == -1) goto err; bsize = MAX(fsb.f_iosize, 1024U); |