Subject: Re: Secure creating of socketdir in /tmp
From: Stanislav Brabec (utxpenguin.cz)
Date: Tue Dec 05 2000 - 07:45:45 CST


Thanks for your answers.

Matthieu Herrb wrote:
> You wrote (in your message from Sunday 3)
> >
> > Is there any situation/platform, where chmod() is needed?
>
> mkdir(2) creates the directory with the permissions restricted by the
> current umask. So if you want more rights than the umask allows,
> you need to add them afterwards.
>
> I don't see any race condition here, since you'll only add rights in
> the second call.
>

If I have read it correctly, this is not documented in the mkdir() part
of the libc manual, but can be deduced from umask() or the glibc source code:

-----------
  /* Race condition, but how else to do it? */
  mask = __umask (0777);
  (void) __umask (mask);

  p = cmd;
  *p++ = 'm';
  *p++ = 'k';
  *p++ = 'd';
  *p++ = 'i';
  *p++ = 'r';
  *p++ = ' ';

  mode &= ~mask;
  *p++ = '-';
  *p++ = 'm';
  *p++ = ' ';
  *p++ = ((mode & 07000) >> 9) + '0';
  *p++ = ((mode & 0700) >> 6) + '0';
  *p++ = ((mode & 070) >> 3) + '0';
  *p++ = ((mode & 07)) + '0';
  *p++ = ' ';

  strcpy (p, path);
-----------

> > Is umask() needed? It is present only in esound (added by Eliot
> > Lee to "prevent race condition attacks"), but XFree86 code doesn't
> > contain it.
>
> If you set umask to 0 before calling mkdir, the chmod() call is not
> needed anymore. But IMHO calling umask(0) may be dangerous if the
> process creates a file afterwards.

Because the mkdir() + chmod() way can be safe, I will remove umask().

-- 
Stanislav Brabec