Is SHA1 cookie authentication broken?
Daniel P. Berrange
dan at berrange.com
Fri Aug 25 18:44:01 PDT 2006
On Fri, Aug 25, 2006 at 06:26:49PM -0400, Havoc Pennington wrote:
> For file ownership, seems right to just set it properly, though I
> haven't thought through possible race-condition-based attacks between
> writing the file and changing its permissions, there may be some.
There shouldn't be any race condition attacks if you explicitly pass
the permissions you want as the 3rd param to open() since it should
be atomically created with desired permissions. If it already exists
then you can chmod() it before writing the data just in case - although
they're already doomed if the file exists ahead of time with wrong
permissions.
Dan.
--
|=- GPG key: http://www.berrange.com/~dan/gpgkey.txt -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- berrange at redhat.com - Daniel Berrange - dan at berrange.com -=|
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.freedesktop.org/archives/dbus/attachments/20060826/339ce1d9/attachment.pgp
More information about the dbus
mailing list