[Pkg-shadow-devel] Bug#778950: Bug#778950: shadow: CVE-2013-4235 symbolic link race condition

Serge Hallyn serge.hallyn at ubuntu.com
Wed Feb 25 06:43:39 UTC 2015

So it seems like the most robust way to handle this would be to at the top
of remove_tree do something like:

	fd = open(root);
	ret = fstat(fd, &sb);
	if (S_ISLNK(fd))
		return -1; // or unlink it, but warning the admin seems best
	DIR = fopendir(fd);

Is there another approach?

More information about the Pkg-shadow-devel mailing list