| version 1.17, 1999/01/31 23:29:28 |
version 1.18, 1999/02/08 13:59:20 |
|
|
| <li>For instance, both <code>fopen</code> and <code>freopen</code> |
<li>For instance, both <code>fopen</code> and <code>freopen</code> |
| <strong>create a new file or open an existing file</strong> for |
<strong>create a new file or open an existing file</strong> for |
| writing. An attacker may create a symbolic link from |
writing. An attacker may create a symbolic link from |
| <code>/etc/paswd</code> to <code>/tmp/addrpool_dump</code>. The |
<code>/etc/passwd</code> to <code>/tmp/addrpool_dump</code>. The |
| instant you open it, your password file is hosed. Yes, even with |
instant you open it, your password file is hosed. Yes, even with |
| an <code>unlink</code> right before. You only narrow the window |
an <code>unlink</code> right before. You only narrow the window |
| of opportunity. Use <code>open</code> with |
of opportunity. Use <code>open</code> with |
![[BACK]](/icons/back.gif){kind=icon}
Return to porting.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www