Matthieu Herrb b67581cf82 Fix CVE-2011-4029: File permission change vulnerability. ...

Use fchmod() to change permissions of the lock file instead
of chmod(), thus avoid the race that can be exploited to set
a symbolic link to any file or directory in the system.

Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>

2011-10-18 15:58:00 +02:00

42 KiB

Raw Blame History

View Raw