|
Viewing Issue Simple Details
[ Jump to Notes ]
|
[ View Advanced ]
[ Issue History ]
[ Print ]
|
|
ID |
Category |
Severity |
Reproducibility |
Date Submitted |
Last Update |
|
0000673 |
[uClibc] Security |
minor |
always |
01-30-06 19:20 |
02-03-06 18:21 |
|
|
Reporter |
rfelker |
View Status |
public |
|
|
Assigned To |
uClibc |
|
Priority |
normal |
Resolution |
fixed |
|
|
Status |
closed |
|
Product Version |
|
|
|
Summary |
0000673: race condition in opendir |
|
Description |
Due to a race condition, a malicious user can cause opendir to hang indefinitely by replacing a directory with [a symbolic link to] a fifo or other strange device. This could be used as DoS against system processes that traverse the directory tree. The race condition is between the call to stat() (using the file's name) and open (again using the name). Switching to nonblocking open followed by fstat might fix the problem. The safest solution is to use the Linux-specific O_DIRECTORY option to open to cause it to fail on nondirectories.
|
|
Additional Information |
|
|
|
Attached Files |
|
|
|
Relationships 
