Opened 13 years ago

Closed 13 years ago

#4822 closed defect (fixed)

potentially exploitable file race in mythcdrom-linux.cpp

Reported by: Erik Hovland <erik@…>
Owned by: Isaac Richards
Priority: minor
Milestone: 0.22
Component: mythtv
Version: 0.21-fixes
Severity: low
Keywords:
Cc:
Ticket locked: no


The summary makes it sound more threatening than it is. But an attack could be made in mythcdrom-linux.cpp in the member function MythCDROMLinux::setSpeed(). The function makes a stat call using the string name of the cdrom device file and then an open using that same string. It is possible for the caller to get a good stat on a file with that filename and then switch the underlying file to something of their liking before the open call is made. It would be safer if the function tried the open, then did an fstat on the file descriptor.

Attachments (1)

libs_libmyth_mythcdrom-linux.cpp-guard-against-file-race-in.patch (1.6 KB) - added by Erik Hovland <erik@…> 13 years ago.
moves the open call up and does an fstat instead of stat
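
The open-then-fstat ordering suggested in the description, as an added example that is not the attached patch or MythTV's own code. The function name `open_then_fstat`, the file-type parameter, the open flags and the `EINVAL` error are assumptions made for illustration.

```cpp
// Added example (hypothetical helper, not from mythcdrom-linux.cpp).
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>

// Open `path` first, then verify the type of the object the descriptor
// refers to. stat(path) followed by open(path) resolves the name twice, so
// the file can be replaced between the two calls; fstat(fd) inspects the
// very object that was opened, which closes that window.
// `want` is one of the S_IF* type constants, e.g. S_IFBLK for a drive.
// Returns an open descriptor, or -1 with errno set.
int open_then_fstat(const char *path, mode_t want)
{
    // O_NONBLOCK: do not hang on a FIFO or on a drive with no medium.
    // O_CLOEXEC: do not leak the descriptor into child processes.
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                      // errno set by open()

    struct stat st;
    if (fstat(fd, &st) != 0) {
        int saved = errno;              // keep fstat's error across close()
        close(fd);
        errno = saved;
        return -1;
    }
    if ((st.st_mode & S_IFMT) != want) {
        close(fd);                      // wrong kind of file: never use it
        errno = EINVAL;
        return -1;
    }
    return fd;                          // caller may now issue ioctls on fd
}

int main(int argc, char **argv)
{
    // Constructed default path; pass a real device node as argv[1].
    const char *dev = argc > 1 ? argv[1] : "/dev/cdrom";
    int fd = open_then_fstat(dev, S_IFBLK);
    if (fd < 0) {
        std::perror(dev);
        return 1;
    }
    std::printf("%s is a block device (fd %d)\n", dev, fd);
    close(fd);
    return 0;
}
```

Every later operation should go through the returned descriptor rather than the path, otherwise the name is resolved again and the check no longer applies.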


Change History (3)

Changed 13 years ago by Erik Hovland <erik@…>

moves the open call up and does an fstat instead of stat

comment:1 Changed 13 years ago by Isaac Richards

Milestone: 0.21 → 0.22

comment:2 Changed 13 years ago by Nigel

Resolution: fixed
Status: new → closed

(In [16348]) Minor robustness/security patch from Erik Hovland. Closes #4822
