[Devel] vzctl: race condition at open("/sbin/init")

Vasily Kulikov segoon at openwall.com
Wed Jul 25 12:07:50 PDT 2012


Hi,

stat()+open() is not atomic in the code below, so there is a race
condition.  A container root may change /sbin/init between these calls
to e.g. a FIFO and then make vzctl's process hang on read().

I'd add O_NOCTTY to open's flags and change stat() before open() to
fstat() just after open().


vzctl-3.3/src/lib/readelf.c:

int get_arch_from_elf(const char *file)
{
...
	if (stat(file, &st)) <<<<<
		return -1;
	if (!S_ISREG(st.st_mode))
		return -1;
	fd = open(file, O_RDONLY); <<<<<
	if (fd < 0)
		return -1;
	nbytes = read(fd, (void *) &elf_hdr, sizeof(elf_hdr));
...
}

Thanks,

-- 
Vasily
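An added example of the pattern proposed above (not vzctl's code and not from the post): open() first, then fstat() the descriptor that is actually read.  It adds O_NOCTTY as suggested, and also O_NONBLOCK, because a plain O_RDONLY open() of a FIFO with no writer blocks before fstat() ever runs.  The name get_elf_class_safe and the return value (the e_ident class byte rather than vzctl's arch value) are assumptions for illustration; the two check_* helpers build their own inputs under /tmp.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Returns the ELF class byte (ELFCLASS32/ELFCLASS64) of a regular ELF file,
 * or -1.  The type check runs on the descriptor that is actually read. */
int get_elf_class_safe(const char *file)
{
	unsigned char ident[EI_NIDENT];
	struct stat st;
	/* O_NOCTTY: never adopt a tty device as controlling terminal; O_NONBLOCK: never wait for a FIFO writer */
	int fd = open(file, O_RDONLY | O_NOCTTY | O_NONBLOCK | O_CLOEXEC), ret = -1;
	if (fd < 0)
		return -1;
	if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
	    read(fd, ident, sizeof ident) == (ssize_t)sizeof ident &&
	    memcmp(ident, ELFMAG, SELFMAG) == 0)
		ret = ident[EI_CLASS];
	close(fd);
	return ret;
}

/* Test helper (constructed input): ELF64 e_ident bytes in a temp file; -2 means setup error. */
int check_constructed_elf(void)
{
	unsigned char ident[EI_NIDENT] = { ELFMAG0, ELFMAG1, ELFMAG2, ELFMAG3, ELFCLASS64, ELFDATA2LSB, EV_CURRENT };
	char path[] = "/tmp/elfcheckXXXXXX";
	int fd = mkstemp(path), r;
	if (fd < 0 || write(fd, ident, sizeof ident) != (ssize_t)sizeof ident)
		return -2;
	close(fd);
	r = get_elf_class_safe(path);
	unlink(path);
	return r;
}

/* Test helper (constructed input): a FIFO with no writer; the check must return -1 without blocking. */
int check_fifo_rejected(void)
{
	const char *path = "/tmp/elffifo_example";	/* fixed name, removed again below */
	unlink(path);
	if (mkfifo(path, 0600))
		return -2;
	int r = get_elf_class_safe(path);
	unlink(path);
	return r;
}
```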
