I am trying to create a write-only file in C on Linux (Ubuntu). This is my code:

 int fd2 = open ("/tmp/test.svg", O_RDWR|O_CREAT);

 if (fd2 != -1) {
   //....
 }

But why are the files I created in 'xr' mode? How can I create it so that I can open it myself at the command prompt?

------xr--  1 michael michael  55788 2010-03-06 21:57 test.txt*
------xr--  1 michael michael   9703 2010-03-06 22:41 test.svg*

Thank you.

+8  A: 

You need the three-argument form of open() when you specify O_CREAT. When you omit the third argument, open() uses whatever value happens to be on the stack where the third argument was expected; this is seldom a coherent set of permissions.

The third argument is the permissions on the file - which will be modified by the umask() value.

int fd2 = open("/tmp/test.svg", O_RDWR | O_CREAT, S_IRUSR | S_IRGRP | S_IROTH);

Note that you can create a file without write permissions (to anyone else, or any other process) while still being able to write to it from the current process. There is seldom a need to use execute bits on files created from a program - unless you are writing a compiler (and '.svg' files are not normally executables!).

The S_xxxx flags come from '<sys/stat.h>'.

Jonathan Leffler
If you have recent versions of both the glibc headers and gcc, gcc can warn you about leaving out that third argument to `open`.
caf
@Jonathan: is there something wrong in what I have posted? You have mentioned about following malicious broken symlinks and problem with fixed name in production code. What/why are these problems?
N 1.1
@nvl: Let's say that two users, bill and joe, both run your program at the same time. Both create a file /tmp/test.svg...whose data is used? Let's say Mr Malicious works on your machine, and manages to do: `ln -s /etc/passwd /tmp/test.svg`. Now one of two things is going to happen when your program runs: (1) you get an open error because you can't write to /etc/passwd (you aren't root), or (2) you get a copy of your SVG image in /etc/passwd because you are root. Neither is normally considered desirable. And Mr Malicious can also do: `ln -s /usr/lib/security/libmalpam.so /tmp/test.svg`...
Jonathan Leffler
@nvl: ...where libmalpam.so doesn't yet exist; if your code leaves that publicly writable, then the bad guy has a chance to create a shared library in the PAM (pluggable authentication module) area, which can then, perhaps, be leveraged. Etc. So, not being careful with how you open files can lead to all sorts of problems. This assumes root is inveigled into running your code, of course. If it is someone else, then they won't be able to do any damage...probably.
Jonathan Leffler
I didn't have the slightest idea of the problem's gravity! Thank you
N 1.1
@nvl The `fopen` is a buffered C Library "high-level" function, versus the `open` which is an OS syscall (`man 2 intro`). See Secure Programming for Linux and Unix HOWTO http://www.dwheeler.com/secure-programs/ for details about secure programming.
mctylr
@mctylr : thanks for the link :)
N 1.1
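
The points raised in the answer and comments above (an explicit mode argument with O_CREAT, a fixed name in /tmp, a planted symlink), shown as an added example that is not part of the original thread. The helper names `create_private`, `mode_of` and `symlink_attempt_errno` and the scratch paths are assumptions made for illustration; the symlink is constructed inside a private scratch directory.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* exposes mkdtemp() and O_NOFOLLOW under strict -std= modes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create path only if nothing is there yet; mode 0600 before the umask is applied.
 * O_CREAT|O_EXCL fails with EEXIST if the name exists, even as a dangling symlink. */
int create_private(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, S_IRUSR | S_IWUSR);
}

int mode_of(int fd)   /* permission bits of an open descriptor, -1 on error */
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Constructed scenario: test.svg is a dangling symlink in a scratch directory.
 * Returns errno from create_private(); -1 setup failure; -2 if the target got created. */
int symlink_attempt_errno(void)
{
    char dir[] = "/tmp/open_demo_XXXXXX", name[64], target[64];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(name, sizeof name, "%s/test.svg", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, name) != 0) { rmdir(dir); return -1; }
    int fd = create_private(name);
    int err = (fd == -1) ? errno : 0;
    if (fd != -1) close(fd);
    int followed = (access(target, F_OK) == 0);   /* did the open go through the link? */
    unlink(name); unlink(target); rmdir(dir);
    return followed ? -2 : err;
}

int main(void)
{
    char tmpl[] = "/tmp/test_XXXXXX";   /* mkstemp() picks a unique name per run */
    int fd = mkstemp(tmpl);
    if (fd == -1) { perror("mkstemp"); return 1; }
    printf("%s mode %04o\n", tmpl, (unsigned)mode_of(fd));
    close(fd); unlink(tmpl);
    printf("symlink attempt: errno %d (EEXIST is %d)\n", symlink_attempt_errno(), EEXIST);
    return 0;
}
```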