Re: The open() system call in f8 really broken... | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
Tom "spot" Callaway wrote:
On Thu, 2007-08-16 at 16:36 -0400, Steve Dickson wrote:Pete Zaitcev wrote:- if ((fd = open(fname, readonly? O_RDONLY : (O_RDWR|O_CREAT))) < 0) { + if ((fd = (open)(fname, readonly? O_RDONLY : (O_RDWR|O_CREAT))) < 0) {Now you're just being unfriendly about it by finding ways to defeat a helpful check instead of adding the missing mode. What point are you trying to prove by doing this?The point I was trying to prove is by simply adding the '()' I could avoid the runtime abort and still have the security hole.... concluding the runtime check is very buggy so this check should never call abort() since it can't be correct 100% of time...This logic is flawed... if everytime it triggers is correct, we shouldn't remove the check because it misses possible cases. We'd really only want to remove it if found false positives.
And how would find that false positive? Which DB, controlling what, will come tumbling down? If you going to kill off process... I would think you would want to be correct 100% of the time... and this case the shows the check does not it right 100% of the time... and just so happen it errored on the side not to abort. steved. -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
[Home] [Fedora Users] [Fedora Devel Java] [Fedora Legacy] [Fedora Desktop] [Fedora SELinux] [Big List of Linux Books] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools]
