[Debian-med-packaging] Bug#982519: Bug#981404: Fix seems incomplete
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 11 15:54:53 GMT 2021
Hi Feri,,
On Thu, Feb 11, 2021 at 11:26:47AM +0100, wferi at niif.hu wrote:
> Hi,
>
> The patch in this bug report very much shrinks the window of the
> vulnerability, but doesn't close it completely: the file is still
> created with default permissions, then chmodded as a separate step.
> It's hard, but not impossible to still win the race and open the file
> before the chmod, enabling the same attack. I recommend something like
>
> fd = open(dstFileName, O_WRONLY|O_CREAT|O_EXCL, 0600);
> if (fd != -1)
> f = fdopen( fd, "wb" );
> if (fd == -1 || f == NULL)
> DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
> return f;
>
> for example.
See #982519 respectively https://github.com/facebook/zstd/issues/2491
upstream.
Regards,
Salvatore
More information about the Debian-med-packaging
mailing list