Opened 13 years ago
Closed 13 years ago
#4822 closed defect (fixed)
potentially exploitable file race in mythcdrom-linux.cpp
Reported by: | Owned by: | Isaac Richards | |
---|---|---|---|
Priority: | minor | Milestone: | 0.22 |
Component: | mythtv | Version: | 0.21-fixes |
Severity: | low | Keywords: | |
Cc: | Ticket locked: | no |
Description
The summary makes it sound more threatening then it is. But an attack could be made in mythcdrom-linux.cpp in the member function MythCDROMLinux::setSpeed(). The function makes a stat call using the string name of the cdrom device file and then an open using that same string. It is possible for the caller to get a good stat on a file with that filename and then switch the underlying file to something of their liking before the open call is made. It would be safer if the function tried the open, then did and fstat on the file descriptor.
Attachments (1)
Change History (3)
Changed 13 years ago by
Attachment: | libs_libmyth_mythcdrom-linux.cpp-guard-against-file-race-in.patch added |
---|
comment:1 Changed 13 years ago by
Milestone: | 0.21 → 0.22 |
---|
Note: See
TracTickets for help on using
tickets.
moves the open call up and does an fstat instead of stat