cvs commit: tng/source/lib util

-->

cvs commit: tng/source/lib util_sock.c: msg#00045

Subject:	cvs commit: tng/source/lib util_sock.c

elrond      2005/09/17 14:43:18 CEST

Modified files:
   source/lib             util_sock.c 
Log:
You remember this?

*** Please someone examine create_pipe_socket and fix it ***
*** if used other than for exclusive root access ***
*** (see perms, which should be 0700 and 0600) ***
*** there is a race condition to be exploited. ***

Luke added it years ago.

A nice person asked me to review it finally.
So I did.
The code wasn't critical anymore anyway, as the directory
is now created in a root-writable space anyway. But it
should be safe enough anyway also.

If anybody considers moving this back to /tmp or somesuch,
let me know, so I review it for harder security. But
there's no point in doing so IMHO.


Revision  Changes    Path
1.36      +10 -8     tng/source/lib/util_sock.c

Special educational offers, white papers, webcasts, podcasts

WEBCAST: Offshore software development: Making it a success with agile practices. Register Now:

WEBCAST: IBM WebSphere Portal V6.1 Web 2.0 Capabilities. Register Now:

WHITE PAPER: Best practices for software analysis (Best Practices)

DOWNLOAD NEW E-KIT: Download the IBM pureXML Developers Kit:

DOWNLOAD: Rational Trial Software – Rational Team Concert Free Information:

TUTORIAL: Debug iPhone Web applications with Eclipse

<Prev in Thread]	Current Thread	[Next in Thread>

Previous by Date:	cvs commit: tng/source/include ntdomain.h tng/source/lib msrpc-client.c tng/source/msrpc msrpcd.c, Elrond
Next by Date:	cvs commit: tng/source configure.mingw-cross tng/source/msrpc msrpcd.c msrpcd_process.c, Luke Kenneth Casson Leighton
Previous by Thread:	cvs commit: tng/source/lib util_sock.c, Luke Kenneth Casson Leighton
Next by Thread:	cvs commit: tng/source/lib msrpc-client.c, Luke Kenneth Casson Leighton
Indexes:	[Date] [Thread] [Top] [All Lists]

^^^ ADDITIONAL NAVIGATION ^^^

Recently Viewed:
mail.spam.rbl.s... php.seagull.gen... culture.religio... qnx.openqnx.dev... gnome.love/2006... bug-tracking.re... user-groups.lin... yellowdog.gener... handhelds.ipaq.... kde.announce/20... java.mx4j.devel... xfree86.expert/... recreation.cars... text.xml.expat.... web.zope.zope3/... version-control... db.carob.cvs/20... freebsd.perform... ecos.cvs/2003-0... linux.hotplug.d... systemtap/2006-... os.freebsd.secu...

Home | blog view | USPTO Patent Archive (NEW!) | advertise | OSDir is an inevitable website. super tiny logo