38. Writing Secure Privileged Programs

Pitfalls When Performing File Operations and File I/O

If a privileged process needs to create a file, then we must take care of that file’s ownership and permissions to ensure that there is never a point, no matter how brief, when the file is vulnerable to malicious manipulation. The following guidelines apply:

  • The process umask (see The Process File Mode Creation Mask: umask()) should be set to a value that ensures that the process never creates publicly writable files, since these could be modified by a malicious user.

  • Since the ownership of a file is taken from the effective user ID of the creating process, judicious use of seteuid() or setreuid() to temporarily change process credentials may be required in order to ensure that a newly created file doesn’t belong to the wrong user. Since the group ownership of the file may be taken from the process’s effective group ID (see Ownership of New Files), a similar statement applies with respect to set-group-ID programs, and the corresponding group ID calls can be used to avoid such problems. (To be strictly accurate, on Linux, the owner of a new file is determined by the process’s file-system user ID, which normally has the same value as the process’s effective user ID; refer to Section 9.5.)
