Thread: C help
View Single Post
Old 05-10-07, 06:19 PM   #7
wnd
Nerd, Geek, Freak
 
wnd's Avatar
 
Join Date: Sep 2005
Location: Finland
Posts: 703
Default Re: C help

Quote:
Originally Posted by evilghost
I read that using lstat() versus access() causes greater overhead and I should use access() in place with R_OK to test if the file is ready for reading (exists). I don't need to check uid/gid since they can be different values and I'm not too concerned about owner since they are dropped in by authenticated users (me or my wife) over SSH.
Honestly, I don't know about lstat/access, but I can't see much difference. Both need to read the directory entry and I think it's reasonable to expect all metadata (per file) to be found in a single place, accessed with a single read.

What I do know is that access() happily follows symlinks. In other words you can create a symlink /www/dlf/dlf-albums/foo pointing at /bin and run your suid-executable to give wwwdata_GID (I hope that's a typo and it should read wwwdata_UID instead) full write access to /bin. As result, wwwdata_GID could potentially issue "rm -rf /bin" at his discretion.

Quote:
Originally Posted by evilghost
I also added a input length check to ensure the path passed doesn't exceed 255 characters, a number I determined to be a reasonable input length.
I can't see why this would be necessary (unless chmod(2) and chown(2) are broken), but with such a cheap sanity check you can't go wrong. Thinking of effects of long filenames in the log, I have also begun to wonder why you're not logging failed attempts.

Quote:
Originally Posted by evilghost
I also modified the code to take into account your suggestions.
- Include string.h for strncmp(), and sys/types.h and sys/stat.h for chmod()/chown(). :-)
- wwwdata_GID is probably supposed to be wwwdata_UID.
- If you end up using lstat, consider settings directories to 0770 and files to 0660.

I'm also wondering is suid-executable is the right way in the first place. How about an inbox for the files and a cronjob to set the permissions and move the files into place? How about an sh-script that copies the files in place and sets the files 0660 and directories 0770? How about an sh-script that uploads the files for a cgi-script to process? (for file in $files; do wget --post-file $file https://intra/foo/import?file=foo%20bar/baz.jpeg; done)
__________________
web | cat

Christianity, noun: The belief that a cosmic Jewish Zombie who was his own father can make you live forever if you symbolically eat his flesh and telepathically tell him you accept him as your master, so he can remove an evil force from your soul that is present in humanity because a rib-woman was convinced by a talking snake to eat from a magical tree. [mad.frog]

Last edited by wnd; 05-11-07 at 11:24 AM. Reason: --post-file
wnd is offline   Reply With Quote