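#!/usr/bin/perl
#
# raceForward
#
# An example program vulnerable to multiple race conditions.
#
# Copyright 2002, Bri Hatch
#
# Released under the GPL.  See COPYING file
# for more information.
#
# Usage: raceForward USERNAME EMAIL
#
# Writes EMAIL into /home/USERNAME/.forward, then sets the owner and
# mode of that file.  The listing is deliberately left unsafe as a
# teaching example: every check and every action below looks the file
# up by path name again, so nothing guarantees that the object that
# was checked is the object that gets written, chowned or chmodded
# (time-of-check / time-of-use).
#
# NOTE(review): presumably meant to run with elevated privileges, since
# it chowns the file to another user -- confirm against the caller.

# NOTE(review): $username comes straight from @ARGV and is interpolated
# into the path without validation; a hardened version would match it
# against an anchored pattern before building $FILE.
($username, $email) = @ARGV;

$FILE = "/home/$username/.forward";

# Get user info.  The slice is empty when getpwnam finds no entry, so
# the list assignment counts zero elements and the die fires.
($uid,$gid) = (getpwnam($username))[2,3]
	or die "No such user $username";

# Check to see if file is in good shape.
# stat follows symlinks, so this owner check describes whatever the
# path resolves to at this instant, not the directory entry itself.
if ( ($fileuid) = (stat $FILE)[4] ) {
	unless ( $fileuid == $uid ) {
		die "Something is amiss with ${username}'s .forward.";
	}

} else {
	# Make sure it's not a dangling symlink too!
	# lstat does not follow the link, so it succeeds where stat failed.
	if ( ($fileuid) = (lstat $FILE)[4] ) {
		die "Whoa - dangling symlink!  Trickery suspected!";
	}
}

# Race condition - what if file was changed
# between the tests above and this open?
#
# Mitigation: open first, then check.  Use sysopen with O_NOFOLLOW
# (where the platform provides it) and O_EXCL when creating, run stat
# on the resulting filehandle rather than on the path, and refuse to
# continue if the owner is not $uid.  Doing the write after dropping
# to the target user's uid/gid removes the need for the checks at all.
open FORWARD, ">$FILE" or die;
print FORWARD "$email\n";
close FORWARD;

# More race conditions - what if file opened above
# is changed before chown or chmod?
#
# Mitigation: keep the handle open and pass the filehandle to chown
# and chmod (supported where the platform has fchown/fchmod), so both
# calls act on the file that was written rather than on a fresh path
# lookup.
#
# The original listing had no ';' after the chown statement, which is
# a syntax error; the terminator is restored here.
chown $uid,$gid, $FILE or warn "Whoa, can't chown it.";
chmod 0600, $FILE or warn "Can't chmod the file.";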