[Debian-med-packaging] Bug#981404: Fix seems incomplete
    wferi at niif.hu 
    Thu Feb 11 10:26:47 GMT 2021
    
    
  
Hi,
The patch in this bug report very much shrinks the window of the
vulnerability, but doesn't close it completely: the file is still
created with default permissions, then chmodded as a separate step.
It's hard, but not impossible to still win the race and open the file
before the chmod, enabling the same attack.  I recommend something like
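    /* needs <fcntl.h>, <stdio.h>, <string.h>, <errno.h>, <unistd.h> */
    FILE *f = NULL;
    /* O_CREAT|O_EXCL with mode 0600: the file never exists with wider permissions */
    int fd = open(dstFileName, O_WRONLY|O_CREAT|O_EXCL, 0600);
    if (fd != -1)
        f = fdopen( fd, "wb" );
    if (fd == -1 || f == NULL) {
        DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
        if (fd != -1) close(fd);   /* do not leak the descriptor if fdopen() failed */
    }
    return f;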
for example.
-- 
Regards,
Feri
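
The following is an added example, not part of the original message and not zstd code: it measures the permission bits a file has between fopen() and chmod(), and compares that with creation through open(..., O_CREAT|O_EXCL, 0600) as recommended above. The names scratch, mode_of, racy_window_mode and atomic_create are hypothetical, the scratch directory is constructed with mkdtemp(), and a umask of 022 is assumed.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed scratch location: a private (0700) directory from mkdtemp(). */
static const char *scratch(const char *name) {
    static char dir[] = "/tmp/creat-demo-XXXXXX", path[64];
    static int made;
    if (!made) made = (mkdtemp(dir) != NULL);
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return path;
}

static int mode_of(FILE *f) {               /* permission bits, or -1 */
    struct stat st;
    return fstat(fileno(f), &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Two-step pattern: returns the mode that exists until chmod() runs. */
int racy_window_mode(const char *path) {
    FILE *f = fopen(path, "wb");            /* created as 0666 & ~umask */
    if (f == NULL) return -1;
    int window = mode_of(f);
    chmod(path, 0600);                      /* tightened only afterwards */
    fclose(f);
    return window;
}

/* One-step pattern: 0600 from creation; O_EXCL refuses an existing name. */
FILE *atomic_create(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    FILE *f = (fd == -1) ? NULL : fdopen(fd, "wb");
    if (fd != -1 && f == NULL) close(fd);   /* no descriptor leak */
    return f;
}

int main(void) {
    umask(022);                             /* assumed typical default umask */
    printf("fopen+chmod window mode: %04o\n", (unsigned)racy_window_mode(scratch("racy")));
    FILE *f = atomic_create(scratch("atomic"));
    if (f) { printf("open(0600) mode:         %04o\n", (unsigned)mode_of(f)); fclose(f); }
    f = atomic_create(scratch("atomic"));   /* second attempt must fail */
    printf("re-create: %s\n", f ? "succeeded (unexpected)" : "refused (EEXIST)");
    if (f) fclose(f);
    return 0;
}
```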
    
    