HTCondor Project List Archives

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-devel] safe_fopen_wrapper 66% safe, safe_open_wrapper only 50% safe

Date: Fri, 20 May 2011 12:18:20 -0400
From: Matthew Farrellee <matt@xxxxxxxxxxx>
Subject: [Condor-devel] safe_fopen_wrapper 66% safe, safe_open_wrapper only 50% safe

Blast from 12/16/2009 08:51 AM --

(i had a nice email describing the problem, but it disappeared, sohere's the summary from memory)

There are 3 things that safefile tries to do for open/fopen with regardsto security:


 0) don't let you create a file without an explicit mask
 1) don't let you create a file through a symlink
 2) don't let you open a file through a symlink

The implementation of safefile in Condor does not prevent you from doing(2).

This is because someone changed safe_open_no_create to be basicallyopen, without any symlink checks.


What is the reason for that change?

Why don't we have safefile as an external?

Best,


matt

Prev by Date: Re: [Condor-devel] Condor disk size
Next by Date: Re: [Condor-devel] Condor 7.6.1 timeline?
Previous by thread: Re: [Condor-devel] Condor disk size
Next by thread: [Condor-devel] sorting of groups in negotiation cycle
Index(es):
- Date
- Thread