retronetworking
/
isdn4k-utils
13
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

thinko in check for symlink in /tmp

This commit is contained in:
Paul Slootman 1998-10-26 20:21:14 +00:00
parent dd8bc02318
commit a34d4be10e
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
isdnlog/isdnlog/isdnlog.c
View File

@ -19,6 +19,10 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* *
* $Log$ * $Log$
* Revision 1.25 1998/10/22 14:10:52 paul
* Check that /tmp/isdnctrl0 is not a symbolic link, which is a potential
* security threat (it can point to /etc/passwd or so!)
*
* Revision 1.24 1998/10/18 20:13:33 luethje * Revision 1.24 1998/10/18 20:13:33 luethje
* isdnlog: Added the switch -K * isdnlog: Added the switch -K
* *
@ -1010,7 +1014,7 @@ int main(int argc, char *argv[], char *envp[])
* If tmpout is a symlink, refuse to write to it (security hole). * If tmpout is a symlink, refuse to write to it (security hole).
* E.g. someone can create a link /tmp/isdnctrl0 -> /etc/passwd. * E.g. someone can create a link /tmp/isdnctrl0 -> /etc/passwd.
*/ */
if (!lstat(tmpout, &st) && S_ISLNK(st.st_rdev)) { if (!lstat(tmpout, &st) && S_ISLNK(st.st_mode)) {
print_msg(PRT_ERR, "File \"%s\" is a symlink, not writing to it!\n", tmpout); print_msg(PRT_ERR, "File \"%s\" is a symlink, not writing to it!\n", tmpout);
verbose = 0; verbose = 0;
} }