Description: fix arbitrary file overwrite via lock counter race condition
Author: Marc Deslauriers <marc.deslauriers@canonical.com>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/732628
Index: ecryptfs-utils-89/src/utils/mount.ecryptfs_private.c
6
===================================================================
7
--- ecryptfs-utils-89.orig/src/utils/mount.ecryptfs_private.c 2011-07-28 13:58:58.829446203 -0400
8
+++ ecryptfs-utils-89/src/utils/mount.ecryptfs_private.c 2011-07-28 13:59:32.639446194 -0400
10
* file, or it's not owned by the current user, append iterator
11
* until we find a filename we can use.
14
- if (stat(f, &s)==0 && (!S_ISREG(s.st_mode) || s.st_uid!=uid)) {
16
+ if (((fd = open(f, O_RDWR | O_CREAT | O_NOFOLLOW, 0600)) >= 0) &&
17
+ (fstat(fd, &s)==0 && (S_ISREG(s.st_mode) && s.st_uid==uid))) {
23
if (asprintf(&f, "%s/%s-%s-%s-%d", TMP, FSTYPE, u,
32
- /* open file for reading and writing */
33
- if ((fd = open(f, O_RDWR)) < 0) {
34
- /* Could not open it, so try to safely create it */
35
- if ((fd = open(f, O_RDWR | O_CREAT | O_EXCL, 0600)) < 0) {
46
fh = fdopen(fd, "r+");
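Review bot: On the new `open(f, O_RDWR | O_CREAT | O_NOFOLLOW, 0600)` path the descriptor is obtained before the `S_ISREG`/`st_uid` test, so a name that opens but fails the test (or whose `fstat` fails) leaves `fd` open when the loop moves on to the `asprintf` retry. The lines between the condition and the retry are not visible here, so this is something to confirm rather than a certain defect: the reject branch should do `if (fd >= 0) { close(fd); fd = -1; }` before building the next name. A short comment above the condition would also help, for example `/* open first, then fstat the descriptor: a stat() on the path followed by a later open() can be raced */`, since the comments that explained the old two-step open are removed. The enclosing function starts and ends outside the visible lines.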