[Fontconfig] Re: [patch]: mmapping FontConfig data structures (fwd)

Behdad Esfahbod behdad at cs.toronto.edu
Sat Jun 11 02:46:38 EST 2005


---------- Forwarded message ----------
Date: Fri, 10 Jun 2005 12:42:38 -0400
From: Patrick Lam <plam at MIT.EDU>
To:	Behdad Esfahbod <behdad>
Subject: Re: [Fontconfig] Re: [patch]: mmapping FontConfig data structures

Behdad Esfahbod wrote:
> You better use O_EXCL anyway.  Just in case two copies of fc-mmap
> happen to run in parallel, or something.


> How is fc-mmap supposed to be called BTW?  Why not dump the cache
> in the library if it doesn't exist?

Just run fc-mmap/fc-mmap (it has a few options, but you don't need any
to successfully run.)  What do you mean by the library?

> I don't know the code myself. And have not tested. Try manually making a
> symlink from the name of your file to be created and have it point to
> another existing file ... and see what your code does to it. (Imagine
> someone malicious making a symlink pointing to your password database and
> waiting for someone to run this routine as root to cause a simple denial
> of service.)

Here's what I do now:

    unlink (FcMmapFilename());
    fd = open(FcMmapFilename(), O_RDWR | O_CREAT | O_TRUNC | O_EXCL, 0600);
    if (fd == -1)
        return FcFalse;

Is that sufficient?

What I meant by 'just hanging around' was that someone could modify the
file and cause arbitrary stuff to be read into memory; taking a CRC
would prevent that.  If the CRC is not useful, then I won't take it.


More information about the Fontconfig mailing list