Re: Weirdness with stat()
> > struct stat *st;
> >
> > stat(CONFIG, st);
> > if ((st->st_uid != 0) || (st->st_mode != 33152)) {
> >     fprintf(stderr, "Unsecure modes on configuration files\n");
> >     exit(1);
> > }
> Neither, this is a bad use of stat. In this case, st is an uninitialized
> pointer and you are having stat treat that as a pointer to some random
> location in memory which it dutifully fills with the stat information.
> Change your code to
>
> struct stat st; /* note not *st, just st */
>
> stat(CONFIG, &st); /* note &st not st */
You also want to test the return code of stat(); 0 if OK
before using any of the stuff like st->st_uid.
--
##############################################################
# Antonomasia ant@notatla.demon.co.uk #
# See http://www.notatla.demon.co.uk/ #
##############################################################
Kernel-audit: discussion list for security and the linux kernel
Archive: http://mail.nl.linux.org/kernel-audit/