Hylafax Developers Mailing List Archives


[hylafax-devel] Re: problem to submit a fax request



At 12:42 AM 3/9/00 -0700, Steve Williams wrote:
>...
>Removing the O_EXCL from the code has given me a fully functional hfaxd.
>
>Given that
>
>a) There is no way the patch could EVER have worked...unless suse doesn't
>    handle O_EXCL combined with O_CREAT the same as Redhat ( albeit 4.2 )..
>
>b) There was no due diligence executed, because there are 4 sequence files
>    used by HylaFAX, and the patch was only applied to one of the sequence
>    files..
>
>-rw-------   1 uucp     60002          5 Mar 08 23:37 /var/spool/fax/docq/seqf
>-rw-------   1 uucp     uucp           5 Mar 08 23:37 /var/spool/fax/log/seqf
>-rw-------   1 uucp     uucp           3 Mar 05 21:59 /var/spool/fax/recvq/seqf
>-rw-------   1 uucp     60002          5 Mar 08 23:37 /var/spool/fax/sendq/seqf
>
>
>My recommendation is to commit removing the O_EXCL in hfaxd/HylaFAXServer.c++
>until such point in time that someone submits viable security patches..
>( read... NOT ME )

Opening a file safely is quite hard. Cutting and pasting from one of the
security FAQs:

        26. If you think that a file should be a file, use lstat() to
            make sure that it is not a link.  However, remember that
            what you check may change before you can get around to
            opening it if it is in a public directory (cf#20., above).

         To open a file, which should already exist:

         - lstat() the path, check that lstat succeeded
         - check that it's acceptable (eg, not a symlink)
         - open() (without O_CREAT), check that the open succeeded
         - fstat() the fd returned by open
         - if the lstat and fstat st_ino and st_dev fields match,
           accept.

         To create a new file, which doesn't already exist:

         - lstat() the path, check that you got ENOENT
         - open(...,...|O_CREAT|O_EXCL,...), check that it succeeded

         If you're really paranoid, then:

         - fstat() the fd returned by open
         - lstat() the path again, check that (a) it exists and (b)
           isn't a symlink
         - check that the fstat and the last lstat returned matching
           st_dev and st_ino fields

         NOTE: that the latter depends on the O_CREAT|O_EXCL semantics
         of not following a trailing symlink.



>Let me re-confirm, HylaFAX DOES NOT have the seqf open by multiple processes
>( fuser/lsof ) both confirm this.  The problem is with the combination of
>O_CREAT and O_EXCL WHEN THE FILE ALREADY EXISTS!!

...oops, yes!


- Robert
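
The two FAQ procedures quoted above, sketched in C as an added example; it is not part of the original message and not HylaFAX's code. The function names `open_existing`, `create_new` and `open_seqf` are hypothetical. `open_seqf` covers the case from the thread: a sequence file that usually already exists, where an unconditional O_CREAT|O_EXCL open fails with EEXIST.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a file that should already exist. Returns an fd, or -1 with errno set. */
int open_existing(const char *path, int flags)
{
    struct stat lst, fst;

    if (lstat(path, &lst) != 0)
        return -1;                       /* errno from lstat, e.g. ENOENT */
    if (!S_ISREG(lst.st_mode)) {         /* rejects symlinks, FIFOs, devices */
        errno = EINVAL;
        return -1;
    }
    int fd = open(path, flags & ~(O_CREAT | O_EXCL));
    if (fd < 0)
        return -1;
    /* The path may have been replaced between lstat() and open(), so compare
     * the object we opened with the object we checked. */
    if (fstat(fd, &fst) != 0 ||
        fst.st_dev != lst.st_dev || fst.st_ino != lst.st_ino) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Create a file that must not exist yet. O_EXCL makes open() fail with
 * EEXIST instead of following a trailing symlink or reusing a file. */
int create_new(const char *path, mode_t mode)
{
    struct stat lst;

    if (lstat(path, &lst) == 0) {
        errno = EEXIST;
        return -1;
    }
    if (errno != ENOENT)
        return -1;
    return open(path, O_RDWR | O_CREAT | O_EXCL, mode);
}

/* Hypothetical sequence-file open: use the existing file when there is one,
 * create it exclusively only when lstat() reported ENOENT. */
int open_seqf(const char *path)
{
    int fd = open_existing(path, O_RDWR);
    if (fd < 0 && errno == ENOENT)
        fd = create_new(path, 0600);
    return fd;
}
```

If another process creates the file between the two calls in `open_seqf`, `create_new` returns EEXIST and the caller can simply retry.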




HylaFAX is a trademark of Silicon Graphics Corporation.