From b67581cf825940fdf52bf2e0af4330e695d724a4 Mon Sep 17 00:00:00 2001 From: Matthieu Herrb <matthieu.herrb@laas.fr> Date: Mon, 17 Oct 2011 20:27:35 +0000 Subject: Fix CVE-2011-4029: File permission change vulnerability. Use fchmod() to change permissions of the lock file instead of chmod(), thus avoid the race that can be exploited to set a symbolic link to any file or directory in the system. Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> --- diff --git a/os/utils.c b/os/utils.c index fe49254..07cf4c2 100644 --- a/os/utils.c +++ b/os/utils.c @@ -297,7 +297,7 @@ LockServer(void) FatalError("Could not create lock file in %s\n", tmp); (void) sprintf(pid_str, "%10ld\n", (long)getpid()); (void) write(lfd, pid_str, 11); - (void) chmod(tmp, 0444); + (void) fchmod(lfd, 0444); (void) close(lfd); /* -- cgit v0.9.0.2-2-gbebe